This article gives necessary context to this issue but predominately from one side. The headline states that it is Capital One's fault, which isn't proven in the article, it also pulls only quotes from Capital One critics.

I agree with Jared F.'s review that this article is very one-sided, presenting Capital One's CEO as giving a dishonest or inauthentic apology, possibly intentionally misframing the events of the data breach. The sources in the article are security experts who have a clear incentive to critique the company for not doing more, and everyone quoted appears to be a critic or naturally untrusting of Capital One. Capital One needs to do a much better job protecting its customers private data, but this appears to have been a hacking rather than an accidental release of data.

This article reports a conclusion yet it also states that not all of the information is known. Based on information revealed since, it does appear that Capital One is to blame, but there are significant considerations regarding capabilities Amazon provides for securing an environment and the complexity of doing so. While this does not shift blame from Capital One to Amazon, the article would be more balanced and informative if it provide this more complete picture.

There are some well sourced quotes, but no evidence is presented beyond speculation from security consultants. Capital One's only cited response was the public apology, so no attempt to corroborate with them appears to have happened.