back to article More UK councils caught by Capita's open AWS bucket blunder

The bad news train keeps rolling for Capita, with more local British councils surfacing to say their data was put on the line by an unsecured AWS bucket, and, separately, pension clients warning of possible data theft in March's mega breach. Colchester City Council was the first to step forward last week to claim that tech …

  1. cantankerous swineherd

    "we take very seriously..."

    which is why they 1. outsourced to 2. the lowest bidder.

    1. yetanotheraoc Silver badge

      Another untruism

      "The privacy and security of our client information is of the utmost importance to us." ... Which is why the second party outsourced *again*, to a third party. They should check the definition of utmost, it's not the same as passing the buck. "We do only what is spelt out in the contract, to the minimum standard allowed by our lack of talent." FTFY

    2. anothercynic Silver badge

      Well, they (the councils) are expected to deliver value for money by their constituents, so any penny counts (especially if it comes to keeping their pension management costs down). But this breach widening and catching more and more organisations out means that Capita cannot be trusted and should a) lose all the contracts, and b) be fined to yazoo (without being able to recover the costs from the councils through charges). Oh, and paying for fraud monitoring for *every* member of the public impacted, that would be nice too.

      It's time that organisations like Capita learn that you. do. not. fuck. with. personal. data. without. consequences!!

      1. Strahd Ivarius Silver badge

        it is not their constituents, they call them "customers"...

      2. Mark 65

        Surely the best way of achieving savings would be for councils to pool resources and have a controlled entity service the common needs of all rather than each subcontract a set of nickel and diming muppets.

        1. anothercynic Silver badge

          Sure, that would be sensible, but that requires startup capital, which is a different bucket to operational budget. The accountants won't like it. And you maybe end up with something like USS, which all universities have a stake in, and yet which then shaft their pension holders with dodgy valuations. And you know how well that plays out.

    3. Mark 65

      How anyone continues to deal with the entity commonly known as Crapita is beyond me. Pay peanuts, get monkeys.

    4. John Brown (no body) Silver badge

      "which is why they 1. outsourced to 2. the lowest bidder."

      I was speaking with a guy who handles a local councils outsourcing and procurement deals a couple of years back and he said they are legally obliged to go with the lowest bidder who can meet the criteria, even when they have an existing and preferred supplier and really don't want to go with the actual lowest bidder because they know they will shit service. The best they can hope for is that they can get or keep in enough penalty clauses to mitigate the problem they know will come down the line. But the big outsourcers and/or suppliers can afford much better lawyers.

  2. VoiceOfTruth

    And the contracts

    kept rolling in. And the Capita shareholders laughed like they were on a mixture of funny pills and laughing gas all the way to their offshore banks.

  3. JMiles

    They know how to

    Crap-IT-All with your data.

  4. Missing Semicolon Silver badge
    Facepalm

    "We are working with our third-party technical advisors to investigate this issue"

    Is that the new name for sitting in a conference room, holding your head in your hands, repeating "f**k, f**k, f**k"? Because there is little else to do.

    1. Anonymous Coward
      Anonymous Coward

      Re: "We are working with our third-party technical advisors to investigate this issue"

      they're not saying fuck fuck fuck....they're saying...keep your head down and we'll get more contracts when the noise dies down

  5. Missing Semicolon Silver badge
    FAIL

    The bad news train keeps rolling for Capita

    Not really. Bad news for the poor ordinary folks who will now have to watch their finances for pretty well "for ever' (I bet the data thieves know to wait until the free enhanced monitoring expires), but basically no effect on lucrative future contracts.

  6. David Austin

    Points of order

    "We have taken extensive steps to recover and secure the data."

    How? Secure, maybe, but you can't recover it once it's out in the wild.

    "We have worked quickly to provide our clients with information"

    Not according to the impacted customers in the very statements your spokesface was countering.

    Until line managers are fined/jailed for such IT mismanagement, this will keep happening - this isn't a sophisticated cyber hack which would offer a fig leaf of defence: This is an unsecured AWS bucket, the type of misconfiguration we've been warning about for over a decade.

    1. hoola Silver badge

      Re: Points of order

      You cannot recover digital data.......

      It is not like finding a box of paper.

      Once digital assets are exposed then that is it, the only option is to assume that ALL the data is now in the wrong hands.

      This is what pisses off most is that so far there has been absolutely no substantive action taken against any of these companies.

      Capita should be suspended with immediate effect from ALL their contracts. That would focus some minds.

  7. msknight

    "extensive steps to recover and secure the data."

    Do they actually believe that anyone takes that seriously? Once data has gone... it's out the barn door, into the field, over the hills and looooong gone. Even John Wayne with the longest lasso known to the human race ain't going to be rounding that steer up.

  8. Tascam Holiday
    Thumb Down

    Beyond a joke

    "We are working with our third-party technical advisors to investigate this issue. The data is secure and no longer accessible."

    Oh well that's alright then YOU FUCKING CLOWNS.

    1. Boris the Cockroach Silver badge

      Re: Beyond a joke

      Quote

      ""We are working with our third-party technical advisors to investigate this issue. The data is secure and no longer accessible."

      Unless someone went pressed ctrl-c then ctrl-v while the data was available but we do not think the hackers were very technically qualified

      Although they were more qualified than our outsourced IT department with their Admin/1234 as the root account/password*

      Theres a very good reason why crapita is known as crapita

      *since changed to a far more secure version..... admin/4321

    2. Strahd Ivarius Silver badge
      Trollface

      Re: Beyond a joke

      the data is no longer accessible.

      did the intruders delete it?

  9. This post has been deleted by its author

  10. Anonymous Coward
    Anonymous Coward

    Hmmm

    I think that someone should learn how to spell "apologise".

    And there should be a law that states you can't be a councillor if your main ambition in life is to achieve the i.q. of a carrot. And you must also learn to take the blame for your fuckups instead of "it was someone/anyone else's fault"

    You fucking wankers chose Capita. It is your fault. Full Stop.

    1. nobody who matters

      Re: Hmmm

      Hey - I know some very intelligent Carrots. One of them has a degree in Agriculture!

      1. John Brown (no body) Silver badge

        Re: Hmmm

        And another is one of Ank Morporks finest!

    2. Strahd Ivarius Silver badge
      Facepalm

      Re: Hmmm

      they don't have the IQ of a carrot, this is why:

      1. they ran for the position

      2. they were elected

      3. they chose Capita

      1. Cav Bronze badge

        Re: Hmmm

        Tell me you don't have a clue what you are talking about without telling me....

    3. hoola Silver badge

      Re: Hmmm

      Maybe if you had ever worked in the Public sector you would understand a little more rather than just hurling abuse at people.

      So much in Council services are now outsourced because the have no choice. Most of the systems are supplied by people like Captia, Civica and so on because they provide the underlying systems. The council is just a consumer. Part of the argument that started this is that it is cheaper as each council can use an existing service. Funding has been cut so much that it is simply not possible to do everything "in house". Outsourcing is considered cheaper because the costs are fixed and the only thing that needs to be managed is an SLA.

      It is a race to the bottom in funding and quality. If you want councils to have top-notch IT provision it will cost money. Money they don't have and nobody is prepared to give them.

      1. Anonymous Coward
        Anonymous Coward

        Re: Hmmm

        >Part of the argument that started this is that it is cheaper as each council can use an existing service

        Yeah, but I don't think each council makes a saving though - Capita makes increased profit each time they can re-sell the same/mildly tailored system, but I don't think subsequent councils receive increased discounts/it was built with the real mindset at some sort of national level that other councils would use it.

        1. anothercynic Silver badge

          Re: Hmmm

          They make a saving compared to what they would pay if they did it themselves. That's the point. The fact Capita goes and makes a loss on maybe the first few councils and then starts making a profit on everyone else after that is something else. You would expect that the more councils signed up the cheaper it would get for everyone, but that's not how capitalism works.

          1. Lomax
            Boffin

            Re: Hmmm

            > They make a saving compared to what they would pay if they did it themselves.

            You sound quite sure, and I have to ask: what numbers do you base this on?

            1. Lomax

              Re: Hmmm

              The UK government hands over roughly £1bn a year to Capita. I think you could run a fairly sizeable IT operation on that kind of money. Additionally you could probably recoup some of the cost by licensing your products to others. I know that's not "how capitalism works", but we've tried that and it clearly doesn't work - perhaps time to try something else?

  11. Anonymous Coward
    Anonymous Coward

    Full disclosure

    Let’s have free choice in who manages our data.

    Full custody control and access should be disclosed at the point of signing up.

    If it changes, allow free transfer.

    If the only choice is poor (coughcrapitacough), then good luck.

    Penalties for breaches should apply and be severe.

  12. Ball boy Silver badge

    Crapita errors. Again.

    This is now so common, I would be surprised if it doesn't spawn a phishing campaign in its own right: 'Your details were unfortunately exposed during the <insert a recent Capita goof> event and we strongly advise you to change your password. Click [here] to update your account'.....

    Sadly, some people will most likely fall for it.

  13. s. pam Silver badge
    Facepalm

    why do i always see the vomit emoji

    whenever i hear the name Crapita and a.n.other data breach i wonder???

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like