“The lady doth protest too much, methinks.”
Amazon Web Service’s (AWS’s) announcement after the Capital One data breach was immediate, unqualified, unapologetic and absolute. AWS emphatically denied any culpability for the hack, which involved the theft of over 100 million Capital One credit applications residing on the AWS cloud service, declaring:
“AWS was not compromised in any way and functioned as designed . . . The perpetrator gained access through a misconfiguration of the web application and not the underlying cloud-based infrastructure. As Capital One explained clearly in its disclosure, this type of vulnerability is not specific to the cloud.”
In the complex world of data breaches, the AWS announcement seems surprisingly bold. How could AWS be so sure so soon of its blamelessness?