An article in the Wall Street Journal this month alleged that Amazon employees have been accepting bribes to leak confidential company data, including sales metrics and the personal details of reviewers to sellers.
According to the newspaper, Amazon had confirmed it was investigating these allegations and that any members of staff found guilty of inappropriate conduct would be facing termination as well as possible legal action.
The wall Street journal reported:
“In exchange for payments ranging from roughly $80 to more than $2,000, brokers for Amazon employees in Shenzhen are offering internal sales metrics and reviewers’ email addresses, as well as a service to delete negative reviews and restore banned Amazon accounts, the people said.
Amazon is investigating a number of cases involving employees, including some in the U.S., suspected of accepting these bribes, according to people familiar with the matter.”
The threat from within
This story serves as a useful reminder that not all data breaches originate from the determined work of hackers seeking to circumvent your security systems. So, whilst companies are right to invest in firewalls, backups and encryption systems that protect their most critical data from targeted cyberattacks, they should also remain alive to the human threat.
Since the advent of GDPR in May this year, businesses have been encouraged to train staff to follow best practices, remain aware of the importance of data security and avoid simple, honest mistakes that could lead to breaches.
However, internal staff who may be tempted to reveal highly sensitive data in return for financial gain, remain a very difficult threat to shut down.