Amazon distanced itself from a recent leak of customer data from Capital One, stating unequivocally that their AWS system was not at fault. Capital One confirmed the breach and informed the press that over 100 million clients were affected by the leaked data. Among the data that was stolen were over 80,000 bank account numbers and 140,000 social security numbers. Capital One’s spokesperson stated that the details were taken because of a misconfigured firewall sometime in March of 2019.
Capital One’s electronic system runs on the backbone of Amazon’s AWS cloud framework. Concerns were raised as to whether the online retail giant’s software was at fault for the breach, but Amazon denies its cloud system had any responsibility. An Amazon Web Services spokesperson noted that AWS was not compromised in any way and the system functioned as expected. They also cited Capital one’s press release statement that vulnerabilities of this type were not unique to cloud systems.
Not The First Leaky Cloud Deployment
While AWS may not be responsible for data breaches, a surprising number of applications on their cloud framework have suffered data breaches in recent months. An IT contractor named Attunity leaked details dealing with large companies such as Ford and Netflix, again because of poor server configuration. AWS has always been upfront about providing consumers with complete control over their databases and cloud deployments. The responsibility they grant to users also includes how they secure their data. Poor server configuration is not Amazon’s fault, but the failure of the company using the framework.
The Data breach raises some critical questions for enterprises intending to use AWS in the future. Companies need to have better security architecture in place to avoid becoming another victim of poor security configuration. In the Capital One data breach, authorities have made one arrest and investigations are continuing.