- ITDM 2025 전망 | “비전을 품은 기술 투자, 모두가 주춤한 시기에 진가 발휘할 것” 컬리 박성철 본부장
- 최형광 칼럼 | 2025 CES @혁신기술 리터러시
- The Model Context Protocol: Simplifying Building AI apps with Anthropic Claude Desktop and Docker | Docker
- This robot vacuum and mop performs as well as some flagship models - but at half the price
- Finally, a ThinkPad model that checks all the boxes for me as a working professional
New Cloud Data Leak Adds to Capita’s Woes
Business process outsourcer Capita was in the dock again this week after a local authority revealed that historic data from several councils was stored on an unsecured cloud server managed by the firm.
In an update to its investigation yesterday, Colchester Council criticized the “unsafe storage of personal data” by Capita and said it has requested more information on the extent of the leak.
“Capita has been entrusted with the crucial task of providing the council’s end-of-year auditing services for council tax and benefits. This involves extracting information from the council’s secure systems. However, recent events have brought to light the fact that Capita has failed to maintain the necessary standards for data protection,” the council explained in a statement.
“The benefits data files include details of the benefits people are in receipt of. This is historic data and relates to the 2019/20 and 2020/21 financial years. The data, along with similar information from other local authorities, was found on an unsecured Amazon data bucket controlled by Capita. Capita has confirmed that it has since been made secure and we can confirm that the data does not include any bank details.”
Read more on Capita’s ransomware breach: Outsourcer Capita Claims to Have Contained “Cyber Incident”
While it is unclear how the incident came to light, it appears to be a fairly common cloud misconfiguration error. As such, the impact should be limited, as long as malicious third parties didn’t discover the mistake before it was remediated and manage to access and exfiltrate data.
However, the timing couldn’t be worse for the outsourcer, which is still dealing with the fallout from a ransomware breach in late March. Although it is still unclear how much data was stolen in that raid, Capita has said that less than 0.1% of its server estate was impacted.
“This serves as a reminder of the potential impacts when relying on third-party providers and suppliers,” argued Javvad Malik, lead security awareness advocate at KnowBe4.
“While outsourcing can be financially beneficial, organizations need to remember that they cannot outsource responsibility, and so, they need to carefully vet their third-party providers to gain assurance they are keeping data secure.”
Editorial image credit: Postmodern Studio / Shutterstock.com