Amazon quizzed over AWS security following Capital One leak

House of Representatives committee plans to quiz Amazon over AWS security following Capital One data breach

Politicians in the US have quizzed Amazon about its security practices after a former employee was accused of causing a major data breach at Capital One.

A group of Republicans in the House of Representatives asked the e-commerce giant about its security protocols on Thursday, according to Reuters.

In a letter addressed to Amazon CEO Jeff Bezos, Representatives Jim Jordan, Michael Cloud and Mark Meadows expressed their concerns about the data leak and its potential impact.

"The Capital One data was stored on a cloud storage service provided by Amazon Web Services," they wrote. "The outside individual who accessed the data was allegedly a former AWS employee."

Because AWS will provide the trusted internet connection and cloud support for the 2020 Census... the Committee may carefully examine the consequences of the breach

In particular, officials are worried about the potential implications of an insecure cloud system within government departments and could launch an investigation into the breach.

The politicians continued: "Because AWS will provide the trusted internet connection and cloud support for the 2020 Census and could potentially run the Department of Defense's Joint Enterprise Defence Infrastructure cloud computing system, the Committee may carefully examine the consequences of the breach."

They went on to ask the company to attend a meeting about "this serious matter". The letter added: "We respectfully request a staff-level briefing no later than August 15, 2019 on the current status of AWS security protocols in place to ensure the security of sensitive personal and government data."

On Monday, former AWS software engineer Paige Thompson was arrested in connection with a data breach at Capital One earlier this year that exposed the personal information of 106 million Americans and Canadians.

She has been charged with computer fraud and abuse, and could face a prison term of up to five years and a fine of up to $250,000.

Between March and April this year, it is believed that Thompson obtained credentials for an administration account, searched for the names of folders and data buckets on Capital One's AWS storage space, and subsequently stole sensitive data.

Further reports suggested that companies named in the leaked Capital one files, including Ford and Italian bank UniCredit, may also have been breached. However, Amazon said there is no evidence to support these claims.

Speaking to Bloomberg, a spokesperson for AWS explained that the company had "reached out to the customers mentioned in online forums by the perpetrator to help them assess their own logs for any evidence of an issue".