Employee data from Canada Post, Amazon and more revealed in data breach

A massive data breach impacting potentially hundreds of companies like Canada Post, Amazon, HP, Lenovo and more has exposed employee data such as names, email addresses, phone numbers and more.

The details come from an ‘InfoStealers’ report by cybercrime firm Hudson Rock. According to the report, the stolen data comes from a vulnerability in file transfer software called ‘MOVEit’ and was discovered in mid-2023. The flaw allowed hackers to bypass authentication and access sensitive data.

Stolen data dating back to May 2023 was shared online. The data includes employee directories from 25 major organizations and the person who shared the data online claims they have much more coming. The data shared so far includes names, email addresses, phone numbers and more. In some cases, it even includes companies’ entire organizational structures.

According to Hudson Rock, over 69,000 Canada Post records were included in the stolen data, while Amazon topped the list with over 2.8 million records. Other notable companies on the list include MetLife, HSBC, U.S. Bank, HP, Delta Airlines, 3M, Lenovo, City National Bank and McDonald’s.

The Hudson Rock report builds on a growing list of impacted companies and governments when the hack came to light last year, such as the BBC, British Airways, Sony, the U.S. Department of Energy, states and more.

MobileSyrup reached out to Canada Post to learn more about what data was stolen and what steps the organization is taking but did not hear back prior to publication.

Amazon confirmed that it was hit by the breach in statements to 404 Media and The Verge. The company stressed that the breach only impacted employee data and that “Amazon and AWS systems remain secure.” It also told The Verge that the breach didn’t include employee social security numbers, government IDs or financial data.

Image credit: Shutterstock

Source: Hudson Rock Via: The Verge, 404 Media