Security Researcher Discovers Exposed Trove of Capita Data Online for 7 Years

London-based outsourcing company Capita has been found to have left a significant amount of data exposed online for seven years, just weeks after the company admitted to a data breach that could have potentially impacted customer data

London-based outsourcing company Capita has been found to have left a significant amount of data exposed online for seven years, just weeks after the company admitted to a data breach that could have potentially impacted customer data. The security researcher, who requested anonymity, alerted the media to an unprotected Amazon-hosted storage bucket that was secured by Capita last week.

The AWS bucket was exposed to the internet since 2016 and contained about 3,000 files totaling 655GB in size. The researcher confirmed that there was no password on the bucket, allowing anyone with the web address to access the files. GrayHatWarfare, a searchable database that indexes publicly visible cloud storage, also captured details of the exposed cloud server.

The exposed data included software files, server images, Excel spreadsheets, PowerPoint presentations, and text files. The researcher confirmed that one of the text files contained login details for one of Capita’s systems, and some filenames suggested that data was being uploaded to the exposed bucket as recently as this year. It is not known whether data belonging to Capita’s customers, including the National Health Service and the Department for Work and Pensions, was contained within the files.

Capita was informed of the data breach in late April and secured the bucket the same week. The security researcher, who notified Capita of the breach, confirmed that the exposed bucket was promptly closed, but the company does not have a responsible disclosure program or a dedicated security contact. Elizabeth Lee, a Capita spokesperson, said that the unsecured bucket contained “information such as release notes and user guides, which are routinely published alongside software releases in line with standard industry practice.” She declined to answer additional questions.

According to the security researcher, this incident is unrelated to the late-March Capita cyberattack that was claimed by the Black Basta ransomware group. The scope of this incident remains unknown, but Capita admitted last month that it had seen evidence of “limited data exfiltration,” which “might include customer, supplier, or colleague data.”

The leaked data from the March attack included bank account details, passport photos, driver’s licenses, and personal data of teachers applying for jobs at schools. Capita has also informed trustees that some data related to pensions is “likely to have been exfiltrated,” according to the Financial Times. Black Basta has not publicly shared these files, and it is not known whether a ransom demand was paid.

Don’t Stop Here

More To Explore

solar eclipse eclipse solar eclipse 2024 solar eclipse 2023 eclipse 2024 eclipse 2023 2023 eclipse 2023 solar eclipse april 8 2024 eclipse 2024 total eclipse 2023 solar eclipses 2024 sun eclipse eclipse april 8 2024 eclipse lunar eclipse eclipse of the sun 2024 eclipse solar eclipse eclipse2023 lunar eclipses solar and eclipse solar eclipse solar eclipse solar solar eclipse solar sun eclipse total eclipse in 2024 total eclipse 2024 total solar eclipse 2024 next solar eclipse total eclipse next eclipse total solar eclipse april 2024 eclipse annular solar eclipse annular eclipse 2023 lunar eclipse 2023 annular eclipse eclipse april 2024 april 2024 solar eclipse solar eclipse april 2024 annular solar eclipse 2023 eclipse today 2023 annular eclipse total eclipse of the sun 2024 sun eclipse 2024 totality eclipse 2024 total eclipse april 2024 8 april 2024 eclipse lunar penumbral eclipse october 2023 eclipse of 2024 eclipse of sun today eclipse penumbral eclipse timer full eclipse of the moon lunar eclipses 2023 next eclipse of the sun solaire eclipse solar eclipse of april 20 2023 solar eclipse of october 14 2023 solar eclipse today solar v lunar eclipse sun eclipse next total solar eclipse in 2024 upcoming sun eclipse sun eclipse next total solar eclipse eclipse 2022 great american eclipse 2024 total solar eclipse 2023 total eclipse 2023 next eclipse 2023 full solar eclipse 2024 full eclipse 2024 upcoming solar eclipse full solar eclipse next total eclipse eclipse april 2023 sun eclipse 2023 iso 12312 2 next eclipse 2024 next full solar eclipse total lunar eclipse april eclipse 2024 next solar eclipse 2023 future solar eclipses eclipse in 2024 solar and lunar eclipse full eclipse 2023 2023 total solar eclipse 1993 eclipse 2017 eclipse 2017 solar eclipse 2017 total solar eclipse 2019 eclipse 2022 solar eclipse 2024 solar eclipse best viewing april 20 eclipse april 8 2024 solar eclipse april 8 2024 total solar eclipse april eclipse 2023 april solar eclipse 2024 eclipse 1994

Experience the Solar Eclipse with The Eclipse App: Your Ultimate Companion

An innovative app, tailored to enhance your observation of the total solar eclipse on April 8, 2024, has risen to prominence on the App Store. Titled simply “The Eclipse App,” it has amassed over 140,000 lifetime downloads on both iOS and Android platforms. This app serves as a comprehensive tool for experiencing the celestial event, providing features such as cloud cover forecasts, precise timing for totality at your specific location, and details on local events, parks, and viewing sites in your vicinity.

Twitter Introduces Payments for Verified Creators' Advertisements in Replies, Elon Musk Announces

Brazil Investigates Elon Musk Over X Dispute

Brazil has launched an investigation into Elon Musk over potential obstruction of justice following X’s reversal of a decision to block certain profiles in the country.