Major online retail website Amazon is admitting that they have suffered a data leak to their customers. The news broke just days before Cyber Monday.
It’s a term no international web company wants to have floating around in their offices: data leak or data breach. This is thanks to European data breach laws known as GDPR which can levy huge fines (on the order o a percentage of global revenue) against the companies in question. Those laws went into force back in early June.
So what could be worse than a breach that could theoretically see a company liable for major fines? A breach that occurs just days before a major event that can help swell a bottom line.
This double-whammy may have hit Internet giant Amazon. Days before Cyber Monday, the company wound up admitting to it’s customers that they have suffered from a data leak. In an e-mail to customers, Amazon blamed a technical error for the leak. Amazon says that customer names and e-mails could have potentially been exposed as a result.
While the news may be bad, it seems details beyond this information are rather scarce. In one report, it was noted that it is still unclear whether or not Amazon has contacted the ICO (Information Commissioner’s Office).
Security expert Graham Cluley was among the customers that received the e-mail and said that the details disclosed are quite light. The report goes on to state the following:
the company has since publicly admitted the breach. In a statement to Computing, it claimed: “We have fixed the issue and informed customers who may have been impacted.”
However, the company is remaining tight-lipped on crucial details, such as the cause of the breach and how many customers have been affected.
From the PR front, this is a potential disaster because so many customers are wanting to use Amazon and are now faced with the idea that their information is now floating around somewhere in the Internet ether. As a result, it makes shopping at Amazon with confidence more challenging which is obviously the last thing Amazon needs right now.
What’s more is the lack of very much detail about the leak. The thing about this is that a lot of companies have, in the past, tried to cover up breaches by not disclosing the information publicly. This was before the GDPR laws took effect. What ends up happening is that when the leak or breach is later found out, the public image of a company tends to be far more damaging than if they had admitted to the problem in the first place.
So, with Amazon not disclosing much, it’s hard to imagine a scenario where the company comes out with a better public image the longer it withholds details. The best scenario we can see is that they were still investigating what went wrong and working on the details so accurate information made it out to the public. Best case scenario, this can be problematic because the original statement makes no such assertion. So, for potential critics, it winds up coming off as a last minute excuse to patch over a botched initial disclosure. It could also raise questions on whether or not Amazon was ever really prepared to deal with a scenario like this.
Either way, this is likely not the way Amazon wanted to go into the final weekend before their Cyber Monday special.