Account Hacked & GDPR
Hi,
Just read that someone had their Amazon account hacked and funds transferred by a scammer who called them and got them to handover login details etc.
On 25th May GDPR kicks in, what happens in the scenario mentioned above. Scammer gains access not only to sellers funds but could access hundreds or thousands of the sellers EU customers records.
My limited understanding of the new GDPR rules is this may constitute a GDPR violation, even if the scammers did not go anywhere near customer data, they had access to it.
Putting aside the sellers issues with missing funds, what happens next regarding GDPR regulations:
- Does each of the sellers EU customers on Amazon need to be contacted and advised their details may have been compromised?
- I assume it has to be reported to IOC as a data breach of customer data?
- Who does the reporting Amazon, seller or both?
I assume that if the above is correct, this is going to cause a big headache for Amazon not to mention the seller.
Could it result in hacked sellers being banned from selling, if Amazon have to start reporting data breaches on a regular basis where hundreds or thousands of their customer data sets have been compromised.
Food for thought…
D…
Seller_EHYOwAkoZV3Hb
I don’t wish to dismiss your post outright, you’ve clearly put a lot of thought into it, but personally, not speaking for others, I worry about things I can actually influence.
Strong security measures, eg not giving away my user details, not using my cat’s birthday as a password, etc is an absolute must. But not for GDPR reasons!
Seller_0Amk0hnQkPWMH
But it wasn’t a data breach in the usual sense of the phrase, because the seller willingly gave away their details by clicking the links in the text message. GDPR does not cover people’s stupidity. It maybe harsh but people have to take responsibility for their own actions.
Seller_0pkMTMROIPEmY
That would be highly unusual to be able to download funds to what would be an alternative bank account simply from your login details, Amazon will not accept a bank account change without a reasonable level verification emails sent to the original Primary email address, along with a text message sent to the Primary mobile phone number held. In addition the credit card held on file is typically linked to the bank account, this can actually trigger a new verification process than can take several days if not weeks to complete and actually get around to disbursing funds.
This is also why 2 Stage verification is important
