Organisationsprofil
OrganisationCapital One Financial Corporation is a network infrastructure operator.
Die Entität sitzt in der Mitte; ihre Kunden fächern sich nach links auf und ihre vorgelagerten Anbieter nach rechts (Pfeile zeigen die Transitrichtung). Scrollen Sie oder verwenden Sie die Schaltflächen zum Zoomen · ziehen Sie den Hintergrund zum Verschieben · klicken Sie auf einen Knoten, um ihn im Verzeichnis zu öffnen.
Stand 2026-06
Die Entität befindet sich links und ihre Verbindungen fächern sich nach Rolle auf der rechten Seite auf; der Graph zeigt die sichersten Verbindungen jeder Gruppe, und die vollständige Liste darunter enthält jede Beziehung.
Capital One's 2019 cloud-hosted application breach remains a defining example of why shared-responsibility language cannot substitute for operational control evidence. The incident joined web-application firewall configuration, cloud metadata access, IAM role permissions, detection, regulator findings, customer notice, criminal prosecution, and settlement into one question: who could actually prevent, detect, and repair the path attackers used?
Capital One's 2019 cloud metadata breach is too often reduced to a slogan about shared responsibility. The better accountability question is sharper: when a cloud contract assigns categories of responsibility, what operational evidence proves that a real control worked at the exact boundary where a misconfigured application, a web application firewall role, metadata-service access, least privilege and detection all met? The breach showed that contractual language can allocate responsibility, but only evidence can prove prevention, containment and repair.
The 2019 Capital One breach did not show that public cloud is inherently unsafe, or that a customer can outsource accountability to its cloud provider. It showed how a web-facing configuration error, a metadata credential path, broad storage permissions, weak alert resolution, and years of retained application data can combine into one legally consequential control failure.