Amazon allowed major breaches in customer data protection, alleges ex-chief of InfoSec - Rickey J. White, Jr. | RJW™
25908
post-template-default,single,single-post,postid-25908,single-format-standard,ajax_fade,page_not_loaded,,qode-theme-ver-16.3,qode-theme-bridge,wpb-js-composer js-comp-ver-5.4.7,vc_responsive
 

Amazon allowed major breaches in customer data protection, alleges ex-chief of InfoSec

18 Nov Amazon allowed major breaches in customer data protection, alleges ex-chief of InfoSec

Posted at 15:30h in Popular Newsfeed by
0 Likes

A former Amazon executive says the company doesn’t take customer data protection seriously enough. “It was put together by tape and bubblegum,” ex-chief information security officer Gary Gagnon says in a new report published today by Wired and the Center for Investigative Reporting’s Reveal. Their investigation documents show Amazon’s mission to track and analyze every move we make as consumers—”What you search for, what you buy, what shows you watch, what pills you take, what you say to Alexa, and who’s at your front door”—has backfired into a sort of Achilles’ heel for data security.

Gagnon says when he started in 2017, customer data protection was almost an afterthought. “It was shocking to me,” he tells Wired and Reveal. New consumer product launches were shrouded in “utmost secrecy,” yet employees were given astounding amounts of access to practically everything else, including customer information—with no checks in place to prevent abuse. In addition, the data breaches occurring externally were “breathtaking.” (Apparently, for 2 years, 24 million customers’ names and credit-card numbers sat outside Amazon’s secure payment zone, completely exposed.)

Gagnon also notes that his team numbered about 300 when he was hired, but should have been “more like 1,000.” When he asked for more resources, global consumer business CEO Jeff Wilke would usually turn down the request. Gagnon came to believe InfoSec was seen as dead weight: Amazon Web Services’ separate security team had the ability to generate revenue through cloud data-protection products, but the consumer team was seen as draining money from the cool projects that “made Amazon faster, more profitable, and more pleasurable.” The publications report Gagnon warned that Amazon was expanding too fast, and that the casualty was going to be data security.

A spokesperson for Amazon issued a generic statement calling their track record “exceptional” when it comes to protecting customer data. The spokesperson noted they’ve also invested billions over the years “to build systems and processes to keep data secure,” adding that they’re “constantly looking for ways to improve.”


Source: Fast Company

Tags:
No Comments

Sorry, the comment form is closed at this time.