Amazon data breach – what do you need to know?

data breach

Amazon customers have had their names and email addresses put at risk in the latest high-profile data breach. The personal information was divulged on the online retailer’s website just two days before multi-billion pound shopping day Black Friday.

As yet, Amazon has not confirmed how many people have been affected or where they are based.

What caused the Amazon data breach?

Rather than being caused by a cyber-attack, the online retail giant has said that the data breach occurred because of a technical problem.

Neither its website nor any of its systems are thought to have been breached. Furthermore, according to Amazon, it has informed customers who may have been put at risk and the issue has now been fixed.

However, as yet, there’s no information about who was able to access the compromised data.

What should you do if you are worried about the Amazon data breach?

Amazon claims that there is no need for worried customers to change their passwords. In an email to affected customers Amazon said:

“Our website inadvertently disclosed your email address or name and email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action. The impacted customers have been contacted.”

It added: “Amazon takes all security-related matters very seriously and your account security is our top priority. We have policies and security measures in place to ensure that your personal information remains secure.”

However, cybersecurity experts dispute this advice and are advising customers to change their passwords on Amazon, and on any other accounts that use the same password.

Richard Walters, chief technical officer of cybersecurity firm CensorNet, said: “If the reports are correct, the information leaked – names and email addresses – is less significant than some of these other breaches, which saw card details leaked”.

However, it would be wrong to assume that this makes the breach inconsequential. Cyber-criminals can do a lot of damage with a large database of names and emails.

“A large majority of people still use predictable passwords, and thanks to previous high-profile breaches many people’s passwords are also readily available on the dark web. For cyber-criminals, it then just becomes an exercise in joining the dots.”

Certainly, cybercriminals can do plenty of damage with this information, and at Hayes Connor Solicitors we would strongly advise you to change your password ASAP and set up two-factor authentication on your Amazon account if you haven’t done so already. You should also look out for an increase in spam or phishing emails.

What happens next?

The Information Commissioner’s Office (ICO) – which has the power to impose hefty fines on organisations who fail to meet the requirements of the Data Protection Act – is aware of the situation.

If Amazon has put your data at risk, we would advise you to contact them and ask them to assess what happened. If the ICO finds Amazon guilty of breaking data protection regulations, you can then use this information to support a data protection compensation claim.

Amazon data breach group action

At Hayes Connor Solicitors, we are now considering launching a no-win, no-fee group action to compensate victims of the Amazon data breach.

Find out more about group actions.

To become part of this group action, we need you to register with us. This guarantees that you will form part of the compensation claims that will be lodged by us.