Just to clear up some details;

No email was received when the change was made. I have seen these notifications in the past, but not when this last change occured. They didnt go into spam. I have no idea why we were not notified.

We went in circles with phone support for hours. Despite the significant and obvious financial impact this is going to have, we could not get the appropriate department on the phone. We were advised by each support rep that the case had been sent to fraud team and we would be updated via email (from the many forum posts I have read, this was not very confidence inspiring).

All passwords were changed AND we got started using two-step authentication. Turns out you can “exempt” a device from needing it EVERY time they log on, so we spent 15 minutes setting up all users with the two-step exemption. Now, only new devices (hackers) will be required to provide the authentication code.

We contacted local PD and filed a report, but without the full bank account/routing # and IP address that is very little (nothing) they can do at this point. Amazon does not show the bank name, only the last few digits of the account #. Amazon would need to provide this information and IP so we can complete a more though police report.

We have intentions to file with FBI/CIA as well, but with the limitations listed in the previous bullet point, we have little recourse until we get more information (Bank Name/Full account #/IP Address used to make the bank change) from Amazon.

A full summary of these events was also emailed to jeff@amazon.com - This last step seems to have the highest likelihood for success, with the downside of taking days (or weeks) to get a response or resolution. We will continue calling and emailing daily until we get the attention this deserves.

Will post updates as anything material changes - Until then, all the comments/feedback/support have been greatly appreciated.

Thanks all

WC