{"id":92151,"date":"2023-05-30T09:45:00","date_gmt":"2023-05-30T09:45:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=92151"},"modified":"2023-05-30T09:45:00","modified_gmt":"2023-05-30T09:45:00","slug":"downstream-breaches-of-capita-customers-spreading","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=92151","title":{"rendered":"Downstream breaches of Capita customers spreading"},"content":{"rendered":"
<\/div>\n

The impact of two separate cyber security incidents at Capita<\/a> continues to spread as more and more of the organisations\u2019 customers report downstream data breaches, with the data of hundreds of thousands \u2013 potentially millions \u2013 of private individuals likely affected.<\/p>\n

As many as 90 organisations say they have now seen some impact, according to the BBC<\/a>, which cited updated figures from the Information Commissioner\u2019s Office (ICO).<\/p>\n

Among them are multiple pension funds which used the company\u2019s Hartlink service, a supposedly secure website that enables people to manage their pensions. These include firms such as Diageo, Marks and Spencer, Royal Mail and Unilever.<\/p>\n

Capita\u2019s systems were attacked at the end of March<\/a>, causing a multi-day service outage for many of the organisation\u2019s public sector customers. At the time, Capita\u2019s crisis communications operation claimed that there was no evidence of customer data being compromised but this has now proved to be untrue<\/a>.<\/p>\n

It has also subsequently emerged that Capita left confidential data exposed to the public internet for a number of years, having failed to correctly configure an Amazon Web Services (AWS) S3 storage bucket<\/a>.<\/p>\n

\u201cWe are aware of two incidents concerning Capita, regarding a cyber attack in March and the use of publicly accessible storage. We are receiving a large number of reports from organisations directly affected by these incidents and we are currently making enquiries,\u201d the ICO said in a statement.<\/p>\n

The regulator said it was continuing to encourage Capita customers to check their exposure to these incidents and if necessary, to consider reporting breaches to it.<\/p>\n

Organisations are obliged to notify the ICO within 72 hours of becoming aware of a personal data breach unless it poses no risk to people\u2019s rights or freedoms.<\/p>\n

Even if an organisation chooses not to report, it must maintain records of the breach and be able and prepared to explain why it did not do so, should circumstances change.<\/p>\n

ESET<\/a> global cyber security adviser Jake Moore said that when personal data was compromised, it made breaches far more impactful, and warned that it might be years before exactly what has happened at Capita becomes clear.<\/p>\n

\u201cThe knock on effects of this attack have been brutal and highlight the full extent of a typical, modern-day cyber attack,\u201d said Moore. \u201cExposure of sensitive data can create problems for customers who are often left unbeknown of the full outcome of their information being stolen.<\/p>\n

\u201cWhether people have been warned or not, people should remain vigilant of distinctive follow on threats. People should remain on guard to potential malicious communications even if it sounds plausible and verified with corresponding data due to fraud and identity theft possibilities.\u201d<\/p>\n

Jamie Akhtar, CEO and co-founder of CyberSmart<\/a>, added: \u201cThis story might become one of the best examples of the cyber security risk supply chains pose\u2026If you\u2019re part of a supply chain, cyber criminals will try to target you sooner or later \u2013 the opportunity to cause disruption or steal important data is too good to pass up.<\/p>\n

\u201cSo, we urge businesses of all sizes to think about their supply chain and the risks within it. If you\u2019re unsure where to start, the NCSC\u2019s \u2018mapping your supply chain\u2019 guidance<\/a> is a great jumping-off point.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"

The impact of two separate cyber security incidents at Capita continues to spread as more and more of the organisations\u2019 customers report downstream data breaches, with the data of hundreds of thousands \u2013 potentially millions \u2013 of private individuals likely affected. As many as 90 organisations say they have now seen some impact, according to […]<\/p>\n","protected":false},"author":1,"featured_media":92152,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-92151","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/92151","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=92151"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/92151\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/92152"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=92151"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=92151"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=92151"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}