Security News > 2023 > May > Another security calamity for Capita: An unsecured AWS bucket

Another security calamity for Capita: An unsecured AWS bucket
2023-05-17 12:48

Capita is facing criticism about its security hygiene on a new front after an Amazon bucket containing benefits data on residents in a south east England city council was left exposed to the public web.

Colchester City Council said on Monday it had launched a probe following the discovery of the open bucket, and was working with Capita to fully understand the "Extent of the data spill and take all necessary steps to minimize any impact on residents."

"The data, along with similar information from other local authorities, was found on an unsecured Amazon Data Bucket controlled by Capita. Capita has confirmed that it has since been made secure and we can confirm that the data does not include any bank details."

"We require all parties involved in the handling of sensitive information to adhere to the highest standards of data protection and it is unacceptable that Capita has failed to meet these required standards. As a result, we are considering what further action may be appropriate regarding Capita."

A spokesperson at Capita said in a statement: "We are working with our third-party technical advisors to investigate this issue. The data is secure and no longer accessible. Our investigations into the matter are ongoing. The privacy and security of our client information is of the utmost importance to us."

Capita looking at a bill of £20M over breach clean-up costs Leaky AWS S3 buckets are so common, they're being found by the thousands now - with lots of buried secrets Twilio: Someone waltzed into our unsecured AWS S3 silo, added dodgy code to our JavaScript SDK for customers McGraw Hill's S3 buckets exposed 100,000 students' grades and personal info Security company finds unsecured bucket of US military images on AWS. This latest development comes on the heels of Capita shutting down its part of its internal systems in late March after detecting a digital break-in of its infrastructure, which the outsourcing giant admitted to in early April.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/05/17/another_security_calamity_for_capita/