Amazon's former head of information security said the company's customer data protection was a mess: 'It was all put together with tape and bubblegum'
- Amazon has major issues with customer data security, according to a new Wired report.
- Amazon's former head of security said the company's infrastructure was held together by "tape and bubblegum."
When Amazon's former vice president of information security was first hired in early 2017, he found Amazon's consumer security infrastructure to be a total mess.
"It was all put together with tape and bubblegum," Gary Gagnon told Wired. "It grew up out of a garage and it just kept going from there."
Though the company's security around new, unannounced products was strong, Amazon's security around customer data was totally open and under resourced, he said.
"It was shocking to me," Gagnon told Wired.
When he asked for budget to hire more staff, he said he was routinely turned down. Meanwhile, Amazon employees had a stunning level of access to customer information, he said — to the point that Amazon staff were reportedly spying on celebrity purchases.
Gagnon goes on to describe a company focused on growth and customer satisfaction at all costs — including basic consumer protections.
"The philosophy at Amazon was about customer experience. They wanted to delight the customer ... And that was at the expense of everything else," he said.
He detailed his concerns in an internal memo to former Amazon consumer CEO Jeff Wilke, viewed by Wired. In it, Gagnon said Amazon's security team was unable to keep up with the company's expansion, and therefore couldn't fully protect its data.
"We lack visibility into the data we are charged with protecting," Gagnon wrote. "We do not systematically know the data flows and storage locations of sensitive data."
Amazon spokesperson Jen Bemisderfer refuted Gagnon's statements, and said the company has "an exceptional track record of protecting customer data." Moreover, Bemisderfer said Amazon has "invested billions of dollars over the years to build systems and processes to keep data secure, and are constantly looking for ways to improve."
Read the full report from Wired here.
Got a tip? Contact Insider senior correspondent Ben Gilbert via email (bgilbert@insider.com), or Twitter DM (@realbengilbert). We can keep sources anonymous. Use a non-work device to reach out. PR pitches by email only, please.