Follow

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use

Amazon says employee data impacted in third-party breach

Third party breach Amazon Third party breach Amazon
Third party breach Amazon
Image Credit- Getty Images

Amazon confirmed Monday that some employee data, including names and email addresses, was obtained by a threat actor in a breach that impacted a third-party vendor.

In a post on a hacker forum, a threat actor claimed that the data was stolen during the widespread 2023 attacks that exploited a vulnerability in Progress’ MOVEit file transfer tool, according to a report from 404 Media.

In a statement provided to CRN, Amazon attributed the data theft to an incident that affected a third-party vendor.

“Amazon and AWS systems remain secure, and we have not experienced a security event,” the company said in the statement. “We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon.”

Along with Amazon employee names and email addresses, the stolen data also included phone numbers and locations where the employees worked, the Amazon statement said.

The third-party vendor breached in the attack was not identified.

The MOVEit data theft and extortion attacks in 2023 struck a total of 2,773 organizations and nearly 96 million individuals, making it one of the largest data heists in recent years, according to tallies by cybersecurity firm Emsisoft.

Within the IT industry, victims of the MOVEit data extortion campaign included IBM, Cognizant, Deloitte, PricewaterhouseCoopers and Ernst & Young.

Content Courtesy – CRN