Amazon fires employees for leaking customer data

13 Jan 2020

Image: © dzianominator/Stock.adobe.com

The e-commerce giant said it is supporting authorities in the prosecution of former employees who were involved in leaking customer data to third parties.

On Friday (10 January), it was reported that Amazon was notifying a number of customers that their email addresses and phone numbers had been shared by at least one employee to a third party, in violation of Amazon’s policies.

The company sent an email, seen by Business Insider and TechCrunch, telling these customers that an employee had been “terminated” for sharing such data, and that the company is supporting law enforcement in an investigation into the breach.

In the email, Amazon said: “No other information related to your account was shared. This is not a result of anything you have done and there is no need for you to take any action.”

Amazon confirmed the incident but it is not known how many customers were affected. A spokesperson then told TechCrunch that a number of employees were fired.

Security incidents

Some outlets have outlined the similarities between this incident and a “technical error”, which resulted in the sharing of customer names and email addresses, in November 2018.

Meanwhile, in September 2018, The Wall Street Journal reported that some Amazon employees were selling customer data to third-party sellers and brokers, who used the data to get better reviews and improve their sales. Employees involved in this incident were fired immediately.

Amazon has also recently called the Honey app a “security risk”, a move that the company said was intended to “warn customers about browser extensions that collect personal shopping data without their knowledge or consent, such as customer name, shipping and/or billing address, purchase data and payment method from the checkout page”.

Amazon Ring

Just days before Amazon emailed customers to let them know that their email addresses and phone numbers may have been leaked, Vice reported that Amazon’s security camera doorbell business Ring was also in the process of firing employees that violated its privacy policies.

In a letter, obtained by Vice Motherboard, the company wrote to five US senators informing them that a number of employees have been fired for improperly accessing Ring users’ video data.

Amazon said: “Over the last four years, Ring has received four complaints or inquiries regarding a team member’s access to Ring video data.”

While these employees were authorised to view video data, their attempted access went beyond what was necessary to complete their jobs. In each of these instances, Amazon said that the individuals involved have had their employment terminated.

The company added that it has now tried to limit the number of people who can access video, with the letter claiming that just three employees can currently access stored customer videos.

Kelly Earley was a journalist with Silicon Republic

editorial@siliconrepublic.com