E-commerce giant Amazon India reported the cybersecurity lapse only a month after it ‘inadvertently disclosed’ email addresses of its users. The tech giant has reported a data breach that spooked e-commerce users.
The technical glitch had accidentally disclosed the financial information of some sellers while others tried to download reports pertaining to merchant tax. Amazon India said the error has been addressed.
“On Sunday, some sellers who attempted to download merchant tax reports for the month of December 2018 experienced a technical issue. Our teams identified the issue and resolved it on priority and sellers were soon able to download the correct reports,” Amazon India said.
Some merchants who were downloading their monthly sales report, which includes details of sales through Amazon, were instead provided with financial data of other sellers.
The tech giant, while confirming the security lapse on its part, said that the sellers are now able to download their own tax reports for the month of December 2018.
Amazon India, however, did not disclose the number of sellers who were affected by the data breach, according to Business Standard.
Lack of personal information
The cybersecurity lapse occurred only a month after the Washington-headquartered e-commerce giant leaked personal information such as names and email addresses of its users. Although Amazon admitted to “inadvertent data leak”, it didn’t disclose the names and numbers of the users who were affected.
While compromised personal data such as email, phone numbers and addresses are often illegally used by hackers in phishing scams, the leak of business data of the sellers/ traders is even more detrimental.
Not only does the information breach puts distrust among the sellers/users, but such security lapse could also affect the merchant’s business by providing their sales/business data to rivals.
In India, there is no law in place that holds the e-commerce giants accountable for data leak. However, a bill is likely to be tabled in Parliament soon aiming to strengthen cybersecurity laws and penalise tech giants responsible for such lapses.