-
Key insight: A failure in an AWS internal subsystem in its northern Virginia region caused widespread errors and latencies across the internet on Monday.
-
What’s at stake: The outage disrupted services at banks and fintechs like Navy Federal, Truist and Chime, reminding the sector of its concentration risk.
-
Expert quote: “When AWS sneezes, half the internet catches the flu,” said Monica Eaton, whose company helps merchants handle charge-back fraud.
Overview bullets generated by AI with editorial review
Problems on Monday at Amazon Web Services’ northern Virginia data center caused outages and delays with web services across the internet, including at a handful of banks and credit unions.
The disruption served as a potent reminder of the financial sector’s dependence on centralized cloud infrastructure and contained echoes of widespread outages last year caused by a faulty update at cybersecurity vendor CrowdStrike.
Amazon Web Services, or AWS, provided frequent updates on its investigation into and recovery from the outage on a status webpage on Monday. The company made no indications about whether a cybersecurity incident caused the issues.
AWS engineers began investigating increased error rates and latencies in multiple AWS services in the so-called us-east-1 region starting at 3:11 a.m. on the East Coast on Oct. 20. These services are based in that northern Virginia AWS data center.
AWS later in the day determined that an “underlying internal subsystem,” responsible for monitoring the health of network load balancers, caused the network connectivity issues, according to the company’s status page.
The issue affected numerous critical AWS services, including S3 (data storage), CloudFront (web content delivery), RDS (a database service), DynamoDB (another database), Lambda (event-driven code execution) and SNS (a notification service).
Some EC2 instances, which are virtual machines, also could not properly boot up.
At 2:22 p.m., AWS reported that mitigations progressed, and the company saw decreasing network connectivity issues and increased launches of new EC2 instances.
User reports submitted through Downdetector, a service that collects crowd-sourced reports of service outages, indicated problems at numerous financial companies and related platforms on Monday.
Banks, credit unions and fintechs that experienced spikes in user reports of outages on Monday included Navy Federal Credit Union, Truist, Ally, Chime, and Venmo.
A Navy Federal spokesperson confirmed that a “nationwide outage impacting organizations from various industries also disrupted multiple Navy Federal member service platforms today.” The spokesperson did not specify which services in particular were affected.
The spokesperson said the credit union’s support teams “immediately” identified the national outage and began actively working to restore service while simultaneously engaging external vendors to determine the cause.
Spokespeople for Truist, Ally, Chime and Venmo did not immediately respond to requests for comment.
For organizations dealing with payment processing, the outage immediately created downstream consequences, according to Monica Eaton, founder and CEO of Chargebacks911, a company that helps merchants against charge-back fraud.
“When AWS sneezes, half the internet catches the flu,” Eaton said.
Eaton said she expects “a spike in ‘I never got my service’ or ‘I was charged twice’ claims,” noting that much of this may be the result not of fraud but of confusion, which she said was “the number one driver of charge-backs.”
“The smart move is to get ahead of the narrative,” she advised. She recommended checking proactively for duplicate charges and sending notifications in advance to affected users.
She added that businesses should document the outage window for “clean evidence” and offer quick refunds where appropriate, emphasizing that fixing misunderstandings is cheaper than fighting battles in the dispute process.
She warned that the outage “will end long before the disputes do.”
The incident “underscores just how dependent our lives and basic daily functions have become on a few major cloud providers,” according to Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, a nonprofit that promotes cybersecurity awareness and education.
In particular, the outage highlights the concentration risks associated with cloud computing — a risk financial services companies have been warning about for years.
Steinhauer said that even the largest systems are not immune to outages, which are often a sign of “how fragile interconnected systems can be when so much of the internet’s infrastructure is centralized.”
“Businesses can use this outage as a valuable tabletop exercise to identify gaps in their business continuity plans and evaluate what backup solutions they have in place,” Steinhauer said.
He further recommended that reviewing redundancy and disaster recovery strategies “ensures that critical operations aren’t tied to a single cloud region or provider.”
-
Key insight: A failure in an AWS internal subsystem in its northern Virginia region caused widespread errors and latencies across the internet on Monday.
-
What’s at stake: The outage disrupted services at banks and fintechs like Navy Federal, Truist and Chime, reminding the sector of its concentration risk.
-
Expert quote: “When AWS sneezes, half the internet catches the flu,” said Monica Eaton, whose company helps merchants handle charge-back fraud.
Overview bullets generated by AI with editorial review
Problems on Monday at Amazon Web Services’ northern Virginia data center caused outages and delays with web services across the internet, including at a handful of banks and credit unions.
The disruption served as a potent reminder of the financial sector’s dependence on centralized cloud infrastructure and contained echoes of widespread outages last year caused by a faulty update at cybersecurity vendor CrowdStrike.
Amazon Web Services, or AWS, provided frequent updates on its investigation into and recovery from the outage on a status webpage on Monday. The company made no indications about whether a cybersecurity incident caused the issues.
AWS engineers began investigating increased error rates and latencies in multiple AWS services in the so-called us-east-1 region starting at 3:11 a.m. on the East Coast on Oct. 20. These services are based in that northern Virginia AWS data center.
AWS later in the day determined that an “underlying internal subsystem,” responsible for monitoring the health of network load balancers, caused the network connectivity issues, according to the company’s status page.
The issue affected numerous critical AWS services, including S3 (data storage), CloudFront (web content delivery), RDS (a database service), DynamoDB (another database), Lambda (event-driven code execution) and SNS (a notification service).
Some EC2 instances, which are virtual machines, also could not properly boot up.
At 2:22 p.m., AWS reported that mitigations progressed, and the company saw decreasing network connectivity issues and increased launches of new EC2 instances.
User reports submitted through Downdetector, a service that collects crowd-sourced reports of service outages, indicated problems at numerous financial companies and related platforms on Monday.
Banks, credit unions and fintechs that experienced spikes in user reports of outages on Monday included Navy Federal Credit Union, Truist, Ally, Chime, and Venmo.
A Navy Federal spokesperson confirmed that a “nationwide outage impacting organizations from various industries also disrupted multiple Navy Federal member service platforms today.” The spokesperson did not specify which services in particular were affected.
The spokesperson said the credit union’s support teams “immediately” identified the national outage and began actively working to restore service while simultaneously engaging external vendors to determine the cause.
Spokespeople for Truist, Ally, Chime and Venmo did not immediately respond to requests for comment.
For organizations dealing with payment processing, the outage immediately created downstream consequences, according to Monica Eaton, founder and CEO of Chargebacks911, a company that helps merchants against charge-back fraud.
“When AWS sneezes, half the internet catches the flu,” Eaton said.
Eaton said she expects “a spike in ‘I never got my service’ or ‘I was charged twice’ claims,” noting that much of this may be the result not of fraud but of confusion, which she said was “the number one driver of charge-backs.”
“The smart move is to get ahead of the narrative,” she advised. She recommended checking proactively for duplicate charges and sending notifications in advance to affected users.
She added that businesses should document the outage window for “clean evidence” and offer quick refunds where appropriate, emphasizing that fixing misunderstandings is cheaper than fighting battles in the dispute process.
She warned that the outage “will end long before the disputes do.”
The incident “underscores just how dependent our lives and basic daily functions have become on a few major cloud providers,” according to Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, a nonprofit that promotes cybersecurity awareness and education.
In particular, the outage highlights the concentration risks associated with cloud computing — a risk financial services companies have been warning about for years.
Steinhauer said that even the largest systems are not immune to outages, which are often a sign of “how fragile interconnected systems can be when so much of the internet’s infrastructure is centralized.”
“Businesses can use this outage as a valuable tabletop exercise to identify gaps in their business continuity plans and evaluate what backup solutions they have in place,” Steinhauer said.
He further recommended that reviewing redundancy and disaster recovery strategies “ensures that critical operations aren’t tied to a single cloud region or provider.”
