This is a very difficult question to answer with a simple yes or no. The issue is that there are numerous federal and state laws (if we are talking about US-based providers) that cover a breach. As an example,
Under state data breach laws, the cloud provider is responsible for breach notification to the data owner, but not to individuals or users if they don't own the data. You really need to review your contract (you know, that several pages-ful of screens that you probably never have read) with your provider to see what they have promised and what they haven't.