-2

I have received an email from Amazon reporting a security breach on my account (which I do not believe it is genuine and it happens often because of my dynamic IP).

I have requested further details (IP/Location/User Agent/How did they identify it as a breach) but they refused to give me those details.

Is that legal? Is there anything I can do to force them to release the details? I want to make sure it is not an actual security breach.

Improve this question
2
  • Are you talking about an ordinary user account, or is this something like Amazon Web Services where there's a security problem with your application?
    – Barmar
    Commented Jun 28 at 22:43
  • It seems to me the easy answer is to make a GDPR SAR.
    – User65535
    Commented Jun 29 at 1:04

1 Answer 1

Reset to default
2

In general, your computer security is not Amazon's problem, so they wouldn't have any obligation to tell you anything at all unless there is some law or contract specifying otherwise.

Many US states do have security breach notification laws. You could try to figure out which state's laws apply here (possibly your state, or the state where Amazon is incorporated, or both), and see what the relevant law says. In general, though, these laws usually only require the company to tell you that a breach occurred, and what personal information of yours may have been accessed. I don't think they usually require the company to tell you anything about details of the attack.

Improve this answer
7
  • Thanks for the answer, I am in the UK. I find it absurd that they can "upset" me by telling me this without giving me details in particular because I "know" it was not an actual breach, but just their system being stupid.
    – Stefano d'Antonio
    Commented Apr 28, 2017 at 18:06
  • Well, laws don't generally prohibit parties from "upsetting" each other. If you think there should be a law about this, you can always write your MP. And if you don't like Amazon's practices you can take your business somewhere else. By the way, in future, please always specify your jurisdiction in your question, so that people don't waste time writing about laws that turn out to be inapplicable.
    – Nate Eldredge
    Commented Apr 28, 2017 at 18:48
  • 1
    @Stefanod'Antonio The problem here is that if the information ends up not belonging to you then they've just released personal information, potentially illegally. Even if the person who accessed your account was a hacker, that person still has privacy rights and companies can't just go around giving out all the intimate details.
    – animuson
    Commented Apr 28, 2017 at 21:34
  • @NateEldredge I have seen some legal documents in Italy and my solicitors were accusing a policeman of "causing me worries" by giving me an unjustified ticked so I presumed it was a rightful legal accusation. Indeed it makes sense to me that, regardless of how ridiculous it is, a party who caused you any problem should be held responsible for that problem no matter how small it is. But, I'm not a solicitor and I don't know much about UK laws either...
    – Stefano d'Antonio
    Commented Apr 30, 2017 at 6:12
  • @animuson I'm probably thinking to logically and not enough "legally". In USA I think you even have the right to shoot someone if he breaks into your house (?) (a bit extreme for me and I disagree, but just trying to explain my point), I would expect at least the right to know who the person was if they steal your account. I think I will try and ask the police to take the details from Amazon and compare them against my location/user agents, but I have a feeling police won't give a crap.
    – Stefano d'Antonio
    Commented Apr 30, 2017 at 6:16

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .