Amazon employee breaches data when one or more Amazon employees disclosed customer email addresses to an unknown third party, prompting Amazon to send a notification email out to impacted customers which read as follows:
“We are writing to let you know that an Amazon employee disclosed your email address to a third-party in violation of our policies. As a result, we have fired the employee, referred them to law enforcement, and are supporting law enforcement’s criminal prosecution.”
“No other information related to your account was shared. This is not a result of anything you have done, and there is no need for you to take any action. We apologize for this incident.”
While we should be happy with the quick, decisive action on Amazon’s part, the email has almost annoyingly short on details. When did this happen? How did it happen? Who saw the email disclosures? How large was the breach? We don’t know. We don’t have answers to any of those questions, and we probably should.
If there’s a silver lining here, it lies in the fact that there’s nothing for you to do, and nothing went to an unknown third party other than your email address. Even so, it means that over the next span of weeks, you are on high alert for phishing emails, and you’re almost certain to receive at least a few spammy marketing emails if you receive Amazon’s notification.
Unfortunately, that’s all the information we have, and given that, we can’t rate Amazon’s response to the incident highly at this point. A company as big and seasoned as Amazon should know better and be more adept at handling the fallout from these kinds of issues, so we’re a shade disappointed in them.
In any case, if you didn’t get a copy of the email, your information was safe. In either case, there’s nothing to do except to be on your guard.