Amazon.com Inc. has fired a number of employees alleged to have leaked customer information to unaffiliated third parties in violation of company policies.

The incident first came to light after customers started reporting receiving messages from Amazon over the weekend. The messages noted that their email addresses were disclosed by an Amazon employee to a third party, and as a result the employee has been fired and referred to law enforcement.

Just how much data was leaked, how many employees were involved and to whom the data was given was not disclosed. The messages referred to a single employee leaking data, but Amazon said in a statement to Motherboard Monday that it had fired multiple people. Bleeping Computer reported today that the leaked data may not have been limited to customers in the U.S., with account holders in the U.K. receiving messages from Amazon Canada.

Insider threats remain an ongoing issue for companies large and small. In one example, “rogue” employees at Shopify Inc. were caught stealing merchant account data in September.

“It is critical for businesses to recognize that threats from legitimate users have always been more elusive and harder to detect or prevent than traditional external threats,” Orion Cassetto, director of product marketing at security information and event management firm Exabeam Inc., told SiliconANGLE. “Organizations must be armed with the tools to prevent threats from within their walls from launching attacks.”

Noting that there are ways for companies to combat employee data theft, Bryan Skene, chief technology officer at security firm Tempered Networks Inc., commented that many organizations have chosen to adopt a zero-trust policy to counter such insider threats.

“Zero trust protects against these situations because everything — user, server or networked device — is required to establish trust first in order to communicate, even within the network perimeter,” Skene explained. “We recommend utilizing a software-defined perimeter that extends invisibility to cloud, multicloud, virtual, physical and edge environments. This provides global connectivity and mobility for entire workforces using one comprehensible policy, wherever they are, for whatever they need to reach securely.”

Photo: Pxhere