Another security calamity for Capita: An unsecured AWS bucket

Capita is facing criticism about its security hygiene on a new front after an Amazon cloud bucket containing benefits data on residents in a south east England city council was left exposed to the public web. Colchester City Council said on Monday it had launched a probe following the discovery of the open storage bucket, and …

  1. VoiceOfTruth Silver badge

    Blah blah blah

    -> Capita is facing criticism

    But NO action. The contracts with Capita will continue until all information is leaked. Then the leaking of information will be termed unimportant.

    1. tmTM

      Re: Blah blah blah

      Weirdly their incompetence also demonstrates why they are necessary.

      So when something like this does go down, the council can offload all the blame on someone else and not have to worry about the aftermath.

      1. Yet Another Anonymous coward Silver badge

        Re: Blah blah blah

        Well you couldn't fine them because the costs would be passed on to the customers, who are the taxpayers who pay for this contract

    2. katrinab Silver badge
      Black Helicopters

      Re: Blah blah blah

      Or until details of the MP pension scheme get leaked? Then they will take immediate action.

      1. Yet Another Anonymous coward Silver badge

        Re: Blah blah blah

        MPs' bank details are all freely available, along with their 'advisor' rates, on their business cards

    3. hoola Silver badge

      Re: Blah blah blah

      As I said on the USS debacle, there have to be immediate sanctions against the company so that they are severely constrained.

      There also has to be some sort of disclosure process so that auditors can see just how many eggs are in one (incompetent) basket. This is going to keep being repeated until it reaches the point there is simply no secure data. It will all be in the public domain.

      Data matching services can already stick huge amounts of publicly available and stolen data together to make highly valuable data sets.

    4. Flak

      Oops, I did it again...

      First thing that came to mind reading this.

  2. Wellyboot Silver badge

    Muppets - no open buckets are cloud 101.

    Is Crapita not using even a simple 'how to' script to set up new ones as crapita access only - start secure.

    1. t245t Silver badge

      Re: Muppets - no open buckets are cloud 101.

      > Is Crapita not using even a simple 'how to' script to set up new ones as crapita access only - start secure.

      This is what happens when you get an unpaid intern to do your fintech /s

    2. Mr Dogshit

      Re: Muppets - no open buckets are cloud 101.

      Start secure by keeping it on prem.

      1. hoola Silver badge

        Re: Muppets - no open buckets are cloud 101.

        No guarantees that would help much with this level of incompetence.

  3. Doctor Syntax Silver badge

    What's not said is who discovered this. Are Capita, prompted by pension scheme breach, doing an audit and discovered it themselves? Did one of their customers decide to run a check? Or was it some 3rd party of whatever colour hat?

  4. Anonymous Coward

    "No bank details" - Whoopee fucking do

    There will still be more than enough for motivated scamsters to target individuals and begin stealing their identities to get these bank details.

    1. Wellyboot Silver badge

      Re: "No bank details" - Whoopee fucking do

      Too true, and to slightly misquote Sir Humphrey*,

      "Grab as much as you can and decide what to do with it later".


    2. GloomyTrousers

      Re: "No bank details" - Whoopee fucking do

      It's the standard response, a bit of misdirection to make it seem better. As if bank details are the only thing that matters if there's a data breach.

  5. Ball boy Silver badge

    "The privacy and security of our client information is of the utmost importance to us."

    Yes siree! It sure sounds like you take client information seriously.


  6. Zippy´s Sausage Factory

    We require all parties involved in the handling of sensitive information to adhere to the highest standards of data protection and it is unacceptable that Capita has failed to meet these required standards. As a result, we are considering what further action may be appropriate regarding Capita.

    The "appropriate action" no doubt will be to award them another lucrative contract, while they employ a few former senior council workers at exorbitant rates to sell their wares to other councils. And thus the cycle of chaos continues.

  7. Falmari Silver badge

    And so the cycle continues

    It’s just one fuckup after another with these clowns.

    They should be barred from tendering for any public projects on the grounds that they are a bunch of incompetent fuckwits incapable of installing Linux on a laptop without missing the delivery date, running over budget, or meeting the requirements, the laptop would come with Windows instead of Linux.

    My 96 year old mum could do a better job than Crapita and she has been dead the past two years.

  8. Anonymous Coward

    This is yet another proof that they deserve to be called Crapita (thanks to Private Eye for the name)

    1. Korev Silver badge
      Thumb Down

      They used to call them that here too

  9. Will Godfrey Silver badge

    I would like to say I was surprised

    But I prefer to tell the truth (unlike Crapita).

  10. Anonymous Coward

    Same or different AWS bucket?

    Open bucket for 7 years apparently!

    Security researcher finds trove of Capita data exposed online

  11. keithpeter Silver badge

    “We expect a full explanation and remedy from the company and for them to apologize directly to those affected.”

    Quote from OA itself quoting a Council spokesman. My emphasis.

    "Remedy" in a context like this means solicitors in a civil law context.

  12. ComicalEngineer

    Is there no end to Crapita's incompetence? *

    * Probably not. From experience.

    1. John G Imrie

      To misquote Einstein

      Two things are infinite: the universe and Crapita's incompetence and I'm not sure about the former.

  13. Duffaboy

    Business are you thinking of Out Sourcing

    Then think long and hard about giving your business to those who have a track record of ballsing things up, again and again and again.

  14. Anonymous Coward

    With Staff like this...

    Just got a call about a job at Crapita. Architect 1/2 what I'd want to stop contracting.

    If that's the kind of "market rates" that are being offered, no wonder they hired someone who left the Bucket open to the Internet.


  15. Colin Bull 1

    Another couple of hundred thousand ...

    Received letter today from Unilever Pension fund that their scheme administered by Crapita may have been compromised. Data includes pension ID and banking details. 12 months free Experian monitoring for free. Guess that is worth sweet FA

  16. Anonymous Coward

    Why does everyone keep using them?

  17. Anonymous Coward

    Having had exposure to the Revs & Bens system, there will be a sh*t load of personal info within it.... Also I cannot think of one reason it would be being held in an S3 bucket. Unless it was put there knowing some would stumble on it sooner than later

  18. Vader

    Oh well, Here you go time for another contract to them to offset the losses if any from this one.

