Amazon admits it exposed user emails following technical error
Customers in the U.S., the U.K. and Europe have reported receiving an email from Amazon
Published - 22-November-2018
Amazon emailed users Tuesday, warning them that it exposed an unknown number of customer email addresses after a “technical error” on its website, say reports.
“We’re contacting you to let you know that our website inadvertently disclosed your email address due to a technical error,” said Amazon in the email with the subject line: “Important Information about your Amazon.com Account.” The only details Amazon provided were that: “The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.”
The security lapse comes days ahead of one of the busiest retail days of the year, the post-Thanksgiving holiday sales day, Black Friday. Customers in the U.S., the U.K. and Europe have reported receiving an email from Amazon.
Amazon, as a Washington-based company, is required to inform the state attorney general of data incidents involving 500 state residents or more. Yet, in Europe, where data protection rules are stronger — following General Data Protection Regulation (GDPR) — it’s less clear if Amazon needs to disclose the incident.
The U.K.’s data protection regulator, the Information Commissioner’s Office, told TechCrunch: “Under the GDPR, organisations must assess if a breach should be reported to the ICO, or to the equivalent supervisory body if they are not based in the UK.”
“It is always the company’s responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers,” a spokesperson said to TechCrunch. “The ICO will however continue to monitor the situation and cooperate with other supervisory authorities where required.”