AWS outage sparks global disruption across banking & services

A widespread outage at Amazon Web Services (AWS) on 20 October 2025 has caused significant disruption across numerous industries and regions globally.

The incident originated with a failure in the US-EAST-1 region, which triggered substantial issues in DynamoDB, a major AWS database service. The cascading effects impacted authentication services, data access, and a broad spectrum of backend operations, according to subject matter experts monitoring the situation.

Service disruption

Key online platforms, including Amazon's own eCommerce site and Prime Video, were affected. Other major services, such as Snapchat, cryptocurrency exchange Coinbase, and UK-based institutions, including HM Revenue & Customs (HMRC) and Lloyds Bank, reported significant periods of unavailability. The disruption spread to banking, eCommerce, gaming, and education platforms, leaving millions of users worldwide unable to access essential digital services.

Steve Sandford, Partner - Digital Forensics and Incident Response at CyXcel, explained that while AWS outages are still relatively rare, high-profile failures such as this one have broad and visible consequences. He noted that outages are more frequent in traffic-dense AWS regions, with US-EAST-1 historically a focus for such events.

"The AWS outage on 20 October 2025 was one of the most disruptive in recent memory, affecting a wide range of services globally … Major platforms such as Amazon.com, Prime Video, Snapchat, Coinbase, and UK services like HMRC and Lloyds Bank experienced significant downtime. The outage disrupted everything from banking and eCommerce to gaming and education, with millions of users unable to access essential services."

Sandford added that while there is no clear evidence that outages are increasing in frequency, the growing reliance on cloud infrastructure is amplifying their impact.

Cloud concentration and business risks

Industry commentators highlighted the particular risks associated with the market dominance of AWS and a small number of other major cloud providers, notably Microsoft Azure. Where services are concentrated in just a few core regions, a localised incident has the potential to cause significant global disruption. The range of affected companies and public services during the recent event highlights how critical infrastructure now depends on a handful of cloud hosts.

The risks associated with such incidents are substantial. Sandford pointed to operational downtime, direct revenue loss, compliance risks, and reputational damage, all of which can quickly follow extended periods of outage. These consequences are felt most acutely by organisations whose operations, transactions, or customer service rely directly on the availability of online systems.

Perspective from the security community

Jeremy Turner, Vice President of Threat Intelligence & Research at SecurityScorecard, contextualised the outage as an example of widespread risk aggregation. He said:

"Today's AWS outage is a stark reminder that cloud resilience is national resilience. A single disruption can ripple across critical services, finance, and infrastructure. Resilience is measured in how many more nines come after 99.9%, but it's never 100%. The cloud delivers incredible uptime, but it's also a massive source of risk aggregation. In this case, a database issue with DynamoDB, the system storing DNS records for a significant share of the internet, shows just how much scale amplifies both impact and recovery. When systems and datasets are this large, restoring service within hours is, frankly, remarkable."

Turner's remarks indicated that while restoring services at such a scale is a technical feat, the focus must remain on how quickly and robustly providers can respond to future incidents as cloud infrastructures continue to expand in size and scope.

Calls for greater resilience

Douglas Wadkins, Chief Technology Officer at Opengear, addressed the wider implications for network resilience and best practice in operational response. Wadkins explained that single points of failure in cloud regions or digital supply chains can now impact multiple sectors simultaneously. He warned that in the face of such incidents, standard responses can be too slow, as they tend to be highly manual and fragmented.

"As seen with the widespread disruption today, the consequences of downtime are severe and immediate - lost revenue and customer trust, with potential knock-on effects in today's fragile macro-economic and geopolitical environment. Simply reacting after the event isn't enough. Recovery times remain too high because responses are often manual, fragmented and slow."

According to Wadkins, as artificial intelligence and automation increasingly depend on digital infrastructure, the potential for future points of failure will continue to rise. He advocated for the adoption of proactive network management, remote access, and isolation strategies as means to prevent localised issues from evolving into global interruptions.

Sandford advised that organisations need to reassess and strengthen their resilience strategies, highlighting multi-region architectures, failover mechanisms, and multi-cloud deployments as important mitigation measures. With the ongoing growth of cloud adoption, planning for resilience is becoming a central component in corporate technology strategies worldwide.