Business process outsourcing firm Capita became a defendant again this week after a local government revealed historical data from several councils was stored on insecure cloud servers controlled by the company.
Colchester City Council said yesterday, in an update on its investigation, that it criticized Capita’s “unsafe storage of personal data” and had asked for more information on the extent of the breach.
“Capita has been entrusted with the important task of providing the City Council’s end-of-year audit services for City Taxes and Benefits. This includes extracting information from the Council’s secure systems. Recent events have highlighted the fact that Capita has failed to uphold the standards required for data protection,” the council explained in a statement.
“The benefits data file contains details of the benefits people are receiving. This is historical data and relates to fiscal years 2019/20 and 2020/21. This data was found, along with similar information from other local governments, in an insecure Amazon data bucket managed by Capita, who has since confirmed that the data has been secured and that the data contains bank accounts. You can be sure that it does not contain the details of the .”
It’s unclear how this incident came to light, but it appears to be a fairly common cloud misconfiguration. The impact should therefore be limited unless a malicious third party discovered the mistake and accessed and exfiltrated the data before it was corrected.
But the timing couldn’t be worse for the outsourcing company as it continues to grapple with the aftermath of a ransomware breach in late March. It’s still unclear how much data was stolen in the raid, but Capita said less than 0.1% of its server assets were affected.
“This is a reminder of the potential impact of relying on third-party providers and suppliers,” argues Javvad Malik, KnowBe4’s Security Awareness Lead.
“While outsourcing can be economically beneficial, organizations must remember that responsibilities cannot be outsourced, so careful scrutiny of third-party providers is needed to get assurances that they keep their data safe.”