Capita, the largest UK outsourcing services company, was hit by another data breach this week following a cyberattack in March.

This is the second data breach at the London-based company in under two months.

The Information Commissioner’s Office (ICO) said in a statement that a “second data breach emerged in May when it was reported that the firm had left benefits data files in publicly accessible storage, prompting several councils to say they thought their data had been compromised.”

Britain’s data watchdog said that it has been contacted by 90 organisations regarding the two data breaches.

“Capita continues to work closely with specialist advisers and forensic experts to investigate the cyber incident and we have taken extensive steps to recover and secure the data,” Capita said.

The ICO is urging organisations to find out if the personal data they hold has been compromised by the attack.


What caused the Capita data breach?

Former NASA cyber analyst, now head of product security at SonicWall, Immanuel Chavoya told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket”.

Amazon S3 is a popular cloud storage service that companies use to store and share files. However, publicly open ‘S3 buckets’ pose a substantial cybersecurity risk.

Chavoya explains that such buckets can be “accessed, altered, or even deleted by anyone who knows where to look, and that breaks the core tenets of confidentiality, integrity, and availability.”

Leaving data files exposed in this way typically happens due to cloud misconfiguration or oversight in setting the bucket’s permissions.

Amazon S3 buckets are private by default, meaning only the account owner and people they specifically grant permission to can access the bucket and its content.

However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access, Chavoya said.

“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained.

Other cases of breaches resulting from exposed S3 buckets have included that of American educational content publishing company, McGraw Hill.

More than 100,000 students’ information was exposed as well as the company’s source code and digital keys, according to security researchers.

Chavoya added: “Unfortunately if sensitive data is stored in the bucket – which it was in this case, this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”

What can be done to deter future breaches?

While Amazon Web Services is now taking proactive steps to resolve data exposures through misconfigurations like these, “the overall responsibility clearly remains with the owner of the data,” stated Chavoya.

“To mitigate the risk of repeat attacks, businesses must invest in robust cybersecurity measures, including advanced threat detection and response capabilities, regular security assessments, employee training, and collaboration with industry peers (ISACs) and law enforcement agencies to share threat intelligence and improve overall security posture.”

Jamie Akhtar, CEO and co-founder, CyberSmart, told Verdict that this story could become “one of the best examples of the cybersecurity risk supply chains pose.”

“Talk of Capita customers being forced to use radios, pens and paper just demonstrates the chaos caused. It also serves as a warning to the UK business community,” Akhtar added.

“If you’re part of a supply chain, cybercriminals will try to target you sooner or later – the opportunity to cause disruption or steal important data is too good to pass up.”