Amazon Confirms Employee Data Stolen After Hacker Claims MOVEit Breach (techcrunch.com) 5
Amazon has confirmed that employee data was compromised after a "security event" at a third-party vendor. From a report: In a statement given to TechCrunch on Monday, Amazon spokesperson Adam Montgomery confirmed that employee information had been involved in a data breach. "Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations," Montgomery said.
Amazon declined to say how many employees were impacted by the breach. It noted that the unnamed third-party vendor doesn't have access to sensitive data such as Social Security numbers or financial information and said the vendor had fixed the security vulnerability responsible for the data breach. The confirmation comes after a threat actor claimed to have published data stolen from Amazon on notorious hacking site BreachForums. The individual claims to have more than 2.8 million lines of data, which they say was stolen during last year's mass-exploitation of MOVEit Transfer.
Amazon declined to say how many employees were impacted by the breach. It noted that the unnamed third-party vendor doesn't have access to sensitive data such as Social Security numbers or financial information and said the vendor had fixed the security vulnerability responsible for the data breach. The confirmation comes after a threat actor claimed to have published data stolen from Amazon on notorious hacking site BreachForums. The individual claims to have more than 2.8 million lines of data, which they say was stolen during last year's mass-exploitation of MOVEit Transfer.
why now? (Score:2)
That hack was over a year ago. How is it that Amazon is only reporting it now?
Some guesses who the vendor might be... (Score:2)
1. Firm handling legal compliance for employee records associated with one of multiple employee lawsuits against Amazon.
2. Firm doing HR/Payroll.
3. Firm doing layoff compliance filing with states (WARN notice)
Gee, thanks Amazon - boy that makes a difference (Score:2)
So instead of Amazon employee data being stolen directly from you, instead the data was "only" stolen from somebody you paid to manage your data.
I'm sure that makes all the difference in the world to the people whose data was stolen. They'll sleep well tonight, secure in the knowledge that you're trying to present yourself as legally protected from culpability. For data you collected, you own, and you handed to the vendor you hired.
I like to MOVEit MOVEit (Score:2)
All girls all over the world
Original Mad Stuntman pon you case man
I love how all girls a move them body
And when you move you body
Oh ya move it nice and sweet and sexy, alright
Security event? (Score:2)
Now they're called security events? Fucktards.