Amazon’s customer data security was a mess, says former security director

  • Amazon has major issues with customer data security, according to a new Wired report.
  • The former Amazon chief of security said the company’s infrastructure was held together by “tape and bubblegum”.
  • “It was shocking to me,” said former Amazon Security VP Gary Gagnon.

When Amazon’s former vice president of information security was first hired in early 2017, he found Amazon’s consumer security infrastructure a total mess.

“It was all put together with tape and gum,” Gary Gagnon told Wired. “It grew up out of a garage and it just kept going.”

While the company’s security around new, unannounced products was strong, Amazon’s security around customer data was completely open and resourced, he said.

“It was shocking to me,” Gagnon told Wired.

When he asked for budget to hire more staff, he said he was regularly rejected. Meanwhile, Amazon employees had an astonishing level of access to customer information, he said — to the point that Amazon employees were allegedly spying on celebrity purchases.

Gagnon goes on to describe a company that is focused on growth and customer satisfaction at all costs – including basic consumer protection.

“The philosophy at Amazon was about customer experience. They wanted to surprise the customer… And that came at the expense of everything else,” he said.

He detailed his concerns in an internal memo to Jeff Wilke, former Amazon consumer CEO, viewed by Wired. In it, Gagnon said Amazon’s security team couldn’t keep up with the company’s expansion and therefore couldn’t fully protect its data.

“We have no insight into the data we need to protect,” Gagnon wrote. “We don’t systematically know the data flows and storage locations of sensitive data.”

Amazon spokesperson Jen Bemisderfer refuted Gagnon’s statements, saying the company has “an exceptional track record of protecting customer data.” In addition, Bemisderfer said Amazon “has invested billions of dollars over the years building systems and processes to keep data safe, and is constantly looking for ways to improve.”

Read Wired’s full report here.

Do you have a tip? Contact Insider senior correspondent Ben Gilbert via email (, or Twitter DM (@realbengilbert). We can keep sources anonymous. Use a non-work device to contact. PR pitches by email only, please.

Leave a Comment