Amazon confirms breach of worker confidentiality following “incident” at third-party supplier’s facility.
Amazon has disclosed a data breach involving employee information, according to an announcement made to TechCrunch on Monday, which was confirmed by company spokesperson Adam Montgomery.
Amazon’s and AWS’ programs remain secure, with no reported incidents of compromised safety to date. Notices were recently issued regarding a few safety incidents involving one of our property management providers, which affected several of its clients, including Amazon. Amazon’s primary concern was obtaining workers’ work-related contact information, including electronic mail addresses, desk phone numbers, and office locations, according to Montgomery.
Amazon has declined to disclose the exact number of employees affected by the data breach. It is well-established that the unidentified third-party vendor lacks access to sensitive information such as Social Security numbers or financial data, and stated that the vendor had addressed the security vulnerability responsible for the data breach.
Following a claim by a malicious actor on the notorious BreachForums website that they had accessed and pilfered sensitive information from Amazon, an alleged affirmation was issued. According to the individual, they claim to possess a staggering amount of more than 2.8 million data records, allegedly pilfered during the course of last year’s incidents.
The enigmatic threat actor, operating under the pseudonym “Nam3L3ss,” purports to possess sensitive information purportedly pilfered from a staggering 25 major organizations, with cybersecurity firm Hudson Rock among those allegedly compromised.
“What you’ve witnessed thus far amounts to a mere fraction – less than 0.001 percent – of the vast information I’ve shared.” “I’ve never seen a thousand releases before.”
TechCrunch has reached out to the affected organisations listed by the threat actor, but has yet to receive any further responses.
The MOVEit breach, where attackers leveraged a newly discovered zero-day vulnerability in Progress Software’s file-transfer software, emerged as the most significant cyberattack of 2023.
The notorious Clop ransomware collective has been linked to a series of hacks affecting more than 1,000 entities, resulting in the theft of sensitive information from approximately 18.5 million individuals.
