iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Capita is in hot water over a data breach once again after being called out by one of its clients for unsafe data storage practices, which led to data being compromised.
The Colchester City Council is currently investigating a “serious data breach” and has pointed the finger at Capita, saying that its failure to properly store data lead to the incident.
“The council is extremely disappointed that such a serious and widespread data breach has occurred and is robustly addressing the matter with Capita,” said Colchester City Council chief operating officer Richard Block.
Capita responded to the council, saying that it was also launching a probe into the incident and that there is currently no indication that the stolen data has been used for any malicious purposes.
“We have been assured by Capita that no personal bank account details have been compromised, but we understand any data breach is a concern,” added Block.
“We expect a full explanation and remedy from the company and for them to apologise directly to those affected.”
The Colchester City Council data affected was stored on an unsecured Amazon Data Bucket run by Capita and related to the 2019 to 2020 and 2020 to 2021 financial years.
The firm has since confirmed that the data bucket is now secure. Capita has not released a statement regarding the Colchester breach.
The news of the incident comes just as Capita is facing the aftermath of a major supply chain attack, which may see it rack up a bill of £20 million (roughly $37.5 million).
The organisation provides third-party services to a number of major agencies, including the UK Military and the National Health Service (NHS). It is contracted to provide £6.5 billion (roughly $12 billion) in services to the public sector.
The attack was identified when Capita experienced an outage in its Office 365 suite. Further investigation revealed that threat actors infiltrated its systems on 22 March and were only detected nine days later, on 31 March.
While originally saying that no data was compromised, it since has revealed that data from a small portion of its network was accessed.
“Capita understands now, based on its own forensic work and that of its third-party providers, that some data was exfiltrated from less than 0.1 per cent of its server estate,” it revealed.
With clients like the UK Military and the NHS, the breach quickly raised major concerns that the Russian hacking group behind the attack, Black Basta, could have access to significant data.
Black Basta has listed a sample of the information on its leak site, including the details of over 100 bank accounts and the personal data of teachers applying for jobs at schools.
Capita has not publicly verified the legitimacy of the files.
Be the first to hear the latest developments in the cyber industry.
