Header image

Unsecured Bucket Left Capita Data Exposed for Years

Capita confirms it has now secured the bucket and data only contained 'release notes and user guides.'


Capita left a trove of data exposed online for seven years, exposing multiple files.

According to TechCrunch, a security researcher (requesting anonymity) discovered an unprotected Amazon-hosted storage bucket, which had been exposed to the internet since 2016, and contained approximately 3,000 files totaling 655GB in size. 

The exposed data included software files, server images, numerous Excel spreadsheets, PowerPoint presentations and text files, according to a sample of filenames reviewed by TechCrunch.

One of the text files contained login details for one of Capita’s systems, the security researcher found, and some filenames suggested data was being uploaded to the exposed bucket this year.

There was no password on the bucket, allowing anyone who knew the easy-to-guess web address access to the files. 

The bucket has now been secured by Capita, and spokesperson Elizabeth Lee told TechCrunch that the unsecured bucket contained "information such as release notes and user guides, which are routinely published alongside software releases in line with standard industry practice.”



Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

24
Oct
Webinar

Securing Data in the Cloud: Advanced Strategies for Cloud Application Security

Discussing the current trends in cloud security, focusing on the challenges of hybrid environments

In this live webinar, join security specialists from OPSWAT to discuss the current trends in cloud security, focusing on the challenges of hybrid environments, including diminished visibility and weakened threat detection.

image image