Rochford District Council pins data breach on Capita’s ‘unsafe storage’
Authority claims it is taking ‘swift and decisive action’ in response to incident it claims affected several councils
Credit: Terry Joyce/CC BY-SA 3.0
Rochford District Council has claimed that the “unsafe storage” provided by tech supplier Capita caused a data breach which may have exposed citizens’ personal information.
The authority yesterday issued a statement claiming that the breach – which it said “has affected several other local authorities around the country” – concerned the possible compromise of “historic data… [which] has now been secured”.
Investigations into the extent of the breach are ongoing and citizens of the Essex town are advised that they do not need to contact the council, as it “will be in contact with any residents whose personal sensitive data may have been made available to view” in due course.
The local authority said that it “has expressed its disappointment with Capita”, which provides Rochford with revenue and benefits software.
The council added that it is “taking swift and decisive action in response to the unsafe storage of personal data” by the IT services company, and “is committed to ensuring Capita works with us to fully understand the cause of the data breach and to implement measures to prevent a similar incident from occurring in the future”.
Tim Willis, interim director of resources at Rochford District Council, said: "The council is very disappointed at this and we are working closely with Capita to deal with this matter and to understand how the data breach from the company occurred. We take very seriously our commitment to safeguarding the privacy and security of our residents’ personal information. We know this will cause concern to residents and we want to apologise to those affected on behalf of Capita. We will be working with Capita to review the company’s processes and ensure the avoidance of any further breaches."
A Capita spokesperson said: “We are working with our third-party technical advisors to investigate this issue. The data is secure and no longer accessible. Our investigations into the matter are ongoing. The privacy and security of our client information is of the utmost importance to us.”
It is not clear whether the Rochford data breach is connected to a cyberattack on Capita during which attackers gained access to the company’s systems for nine days at the end of March. An update published by the supplier a month ago acknowledged that there is “some evidence” that information “which might include customer, supplier or colleague data” was stolen during the incident.
The most recent update, published by Capita on 10 May, said that it is still “working closely with all appropriate regulatory authorities and with customers, suppliers and colleagues to notify those affected and take any remaining necessary steps to address the incident”.
The statement added that “some data was exfiltrated from less than 0.1% of its server estate [and] Capita has taken extensive steps to recover and secure the customer, supplier and colleague data contained within the impacted server estate, and to remediate any issues arising from the incident”.
The firm said that efforts to “interrupt” the intruders have “resulted in the impact of the attack being significantly restricted”.
The incident is expected to cost the firm between £15m and £20m in “specialist professional fees, recovery and remediation costs and investment to reinforce Capita’s cyber security environment”.