// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
Breach Record

Amazon

DISCLOSED 2023-05-01 · SUPPLY CHAIN

Amazon disclosed a data breach involving employee information that was stolen during the May 2023 MOVEit Transfer attacks. The breach was part of a widespread campaign by the Cl0p ransomware group exploiting a vulnerability in the MOVEit file transfer software. The compromised data was obtained through a third-party vendor, not directly from Amazon's systems.

The record

What we know

Disclosed
2023-05-01
Attack vector
Supply Chain
Sector
Technology
Country
US
Domain
amazon.com
Data classes exposed
employee data
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · unclear · opinion

The breach involved a third-party vendor's MOVEit Transfer software, not Amazon's own endpoints. A positive-security model on Amazon's systems would not have prevented the initial compromise of the vendor's infrastructure.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other supply chain breaches on file

This page is the permanent ColdRecon entry for the Amazon disclosure. It updates if new public reporting emerges. All tracked breaches →

Amazon just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →