Rochford District Council pins data breach on Capita’s ‘unsafe storage’

Written by Sam Trendall on 17 May 2023 in News

Authority claims it is taking ‘swift and decisive action’ in response to incident it claims affected several councils

Credit: Terry Joyce/CC BY-SA 3.0

Rochford District Council has claimed that the “unsafe storage” provided by tech supplier Capita caused a data breach which may have exposed citizens’ personal information.

The authority yesterday issued a statement claiming that the breach – which it said “has affected several other local authorities around the country” – concerned the possible comprise of “historic data… [which] has now been secured”.

Investigations into the extent of the breach are ongoing and citizens of the Essex town are advised that they do not need to contact the council, as it “will be in contact with any residents whose personal sensitive data may have been made available to view” in due course.

The local authority said that it “has expressed its disappointment with Capita”, which provides Rochford with revenue and benefits software. 

The council added that it is “taking swift and decision action in response to the response to the unsafe storage of personal data” by the IT services company, and “is committed to ensuring Capita works with us to fully understand the cause of the data breach and to implement measures to prevent a similar incident from occurring in the future”.

Related content

Tim Willis, interim director of resources at Rochford District Council, said: "The council is very disappointed at this and we are working closely with Capita to deal with this matter and to understand how the data breach from the company occurred. We take very seriously our commitment to safeguarding the privacy and security of our residents’ personal information. We know this will cause concern to residents and we want to apologise to those affected on behalf of Capita. We will be working with Capita to review the company’s processes and ensure the avoidance of any further breaches."

A Capita spokesperson said: “We are working with our third-party technical advisors to investigate this issue. The data is secure and no longer accessible. Our investigations into the matter are ongoing. The privacy and security of our client information is of the utmost importance to us.”


t is not clear whether the Rochford data breach is connected to a cyberattack on Capita during which attackers gained access to the company’s systems for nine days at the end of March. An update published by the supplier a month ago acknowledged that there is “some evidence” that information “which might include customer, supplier or colleague data” was stolen during the incident.

The most recent update, published by Capita on 10 May, said that it is still “working closely with all appropriate regulatory authorities and with customers, suppliers and colleagues to notify those affected and take any remaining necessary steps to address the incident”.

The statement added that “some data was exfiltrated from less than 0.1% of its server estate [and] Capita has taken extensive steps to recover and secure the customer, supplier and colleague data contained within the impacted server estate, and to remediate any issues arising from the incident”.

The firm said that efforts to “interrupt” the intruders has “resulted in the impact of the attack being significantly restricted”.

The incident is expected to cost the firm between £15m and £20m in “specialist professional fees, recovery and remediation costs and investment to reinforce Capita’s cyber security environment”.


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on

Share this page




Please login to post a comment or register for a free account.

Related Articles

ICO urges Capita customers to ‘check their position’ after 90 organisations report data breaches
31 May 2023

Technology services firm has revealed two data-compromising incidents in recent week


MoJ reprimanded by ICO after ‘bags of confidential documents’ exposed for over two weeks
25 May 2023

Sensitive data was left unsecured in prison holding area, according to data watchdog

‘Extremely concerned and disappointed’ – more councils caught up in Capita breach
24 May 2023

Authorities have complained about the lack of time taken to be notified by IT firm and wrongly being told personal data was not put at risk 

Capita admits possible compromise of customer data during cyberattack
20 April 2023

Attackers had unauthorised access for nine days, outsourcing firm announces

Related Sponsored Articles

Proactive defence: A new take on cyber security
16 May 2023

The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...