Amazon recently confirmed that some of its employees’ information was exposed in a data breach that involved one of its third-party sellers. According to a statement provided to TechCrunch, Amazon assured that its own systems would remain secure, and that the breach was limited to work-related contact details, such as employee work emails, desk phone numbers, and building location. No sensitive information such as Social Security numbers or financial data was compromised. Although the seller’s security vulnerability has been patched, Amazon did not disclose how many employees were affected.

“Amazon and AWS systems are secure, and we have not experienced any security incidents. We were notified of a security incident at one of our property management vendors, which impacted several of its customers, including Amazon. “The only Amazon information included was employee work contact information, for example work email addresses, desk phone numbers, and building locations,” an Amazon spokesperson told TC.

The breach, reported by TechCrunch, has raised renewed concerns about security risks associated with third-party vendors. The incident appears to be part of a larger wave of cyberattacks, known as the MOVEit breach, which took advantage of a security flaw in a popular file-transfer software. During this breach, hackers accessed massive amounts of data from several high-profile organizations. A hacker going by the name “Nam3L3ss” claims to have posted over 2.8 million pieces of data from multiple organizations, including Amazon, on BreachForum, a well-known website in the hacking community.

The MOVEit hack was one of the most devastating cyberattacks of 2023, affecting hundreds of companies and government bodies. For example, in the US, the Oregon Department of Transportation lost 3.5 million records, and Maximus, a government contractor, had 11 million records compromised. A group called Clop, which is known for using ransomware to hack and blackmail organizations, is suspected to be behind the attack.

What makes such incidents particularly worrying is that they highlight a growing challenge for companies relying on third-party services for data management. Although Amazon’s own systems were secure, they still faced the impact of their seller’s security issues. When companies use third-party providers, they increase their trust in these external systems, often without full control over the provider’s security. This incident highlights the risks that come from relying on external vendors and the importance of checking that their security practices are strong.

For both companies and employees, this breach highlights the need for vigilant data security every step of the way. When organizations outsource parts of their operations, they must ensure that the vendor follows strict cybersecurity practices and conducts regular audits to check for weak spots. As businesses continue to rely on external providers, the need for a solid partnership that prioritizes security is vital to protect both company and personal data.