In July, it was discovered thatthat was stored on Amazon Web Services, the e-commerce giant's popular cloud service. The incident impacted approximately 100 million people in the United States and six million in Canada, Capital One said at the time. The suspected hacker, former Amazon employee Paige A. Thompson, allegedly accessed the information by taking advantage of a firewall misconfiguration in Capital One's cloud infrastructure.
The senators also write that Amazon knew that its servers were vulnerable to SSRF attacks since August 2018, when a cybersecurity researcher contacted the company. An Amazon Web Services spokesperson called the letter's claims "baseless" in a statement to Business Insider, saying that the attacker targeted a misconfiguration of Capital One's firewall. See below for the company's full comment.