If I build a house for you with state of the art security systems but you choose to leave all the windows and doors open, do I have any responsibility when you get burgled? AWS actually makes it quite difficult to make a bucket public (“leave the doors open”) so my view is that this one is not their fault…:
[…] Cyber Security NSW chief officer Tony Chapman said the company needs to be held accountable for the data breach.
‘There are mandatory reporting requirements under the Office of the Australian Information Commissioner that the commercial entity needs adhere to,’ he said.
Amazon said the responsibility laid with the client company, which may have inadvertently changed its access level.
‘AWS operated as designed and is secure by default. AWS customers own and fully control their data,’ he said.
‘We offer the flexibility to change our default configurations to suit the many use cases in which broader access is required, such as building a website or hosting publicly downloadable content.’