As previously reported by 404 Media, Amazon says the data breach exposed employee email addresses, phone numbers and building locations. In a statement to The Verge, Amazon spokesman Adam Montgomery said the company was “notified of a security incident at one of our property management providers that affected multiple customers, including Amazon.”
The confirmation follows a report by cybercrime firm Hudson Rock that the information posted on a hacker forum contained data from Amazon as well as 25 other companies, including MetLife, HP, HSBC and Canada Post.
Hudson Rock said the exposed information dates back to May 2023 and relates to a critical security flaw in the MOVEit file transfer system that was revealed last year, adding Amazon to a list of affected organizations that already includes the BBC, British Airways, Sony, the US Department of Energy and many others. They also point out that the person who posted the information claimed it was “only a small portion of the data they have.”
“Amazon and AWS systems remain secure and there have been no security incidents,” Montgomery said. “The only Amazon information affected was employee contact information such as work email addresses, desk phone numbers and building addresses.
It is unclear how many employees were affected by the breach, but a screenshot from a hacker forum post shows the alleged Amazon data breach contains more than 2.8 million rows. Montgomery told The Verge that the data theft did not include employees’ Social Security numbers, government identification documents or financial information.
