Capita confirms it has now secured the bucket and data only contained 'release notes and user guides.'
Capita left a trove of data exposed online for seven years, exposing multiple files.
According to TechCrunch, a security researcher (requesting anonymity) discovered an unprotected Amazon-hosted storage bucket, which had been exposed to the internet since 2016, and contained approximately 3,000 files totaling 655GB in size.
The exposed data included software files, server images, numerous Excel spreadsheets, PowerPoint presentations and text files, according to a sample of filenames reviewed by TechCrunch.
One of the text files contained login details for one of Capita’s systems, the security researcher found, and some filenames suggested data was being uploaded to the exposed bucket this year.
There was no password on the bucket, allowing anyone who knew the easy-to-guess web address access to the files.
The bucket has now been secured by Capita, and spokesperson Elizabeth Lee told TechCrunch that the unsecured bucket contained "information such as release notes and user guides, which are routinely published alongside software releases in line with standard industry practice.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
