CALL 0121 289 4477
In the broad topic of Cyber Security, a cyber attack is indiscriminate, no matter how small or large the target, you are still at risk of one.
However, when larger companies and businesses experience Cyber attacks, they are a lot more public and easy to notice.
In this blog, we’ll discuss a very recent attack that led to the data breach of Capita. A London-based international business that processes outsourcing and professional services.
At the start of May, the UK’s Pension Regulator urged hundreds of pension funds to check if client data may have been compromised after Capita was the target of a suspected ransomware attack.
The council launched a probe into the incident on Monday, saying that Capita failed to safely store personal data.
On Wednesday, it said that data relating to benefits people were receiving was being stored in an insecure way by the firm.
Capita said at the time its investigation suggested the cyber-incident occurred as a result of unauthorised access to its systems.
The Cyber attack initially impacted access to internal Microsoft 365 applications.
It is believed that companies using Capita for call centre services, such as O2, were also affected, while a number of council customer service lines were impacted, too.
Furthermore, Capita recently stated the cyber incident affected around 4% of Capita’s server estate and that “There is currently some evidence of limited data exfiltration from the small proportion of affected server estate which might include customer, supplier or colleague data.” As a side note, the word “Exfiltration” is just Cyber-lingo which means unauthorised data transfer!
To make matters worse, the data that was stolen included passport pictures, bank account details, home addresses and phone numbers of Capita clients. This was then uploaded onto the dark web, according to the Sunday Times.
They also said the personal data belonging to teachers applying for jobs at schools has also been listed for sale. The “Black-hat” group also claimed this is just a sample of the data they have stolen from Capita.
In an update posted on its website on 10 May, Cipta announced that they had interrupted the attack and “significantly restricted” its impact.
Additionally, they said they had taken steps to recover and secure affected data and were working with necessary regulators, customers and suppliers to alert those affected.
Following reports of a second breach of one of Capita’s unsecured databases in early May, the reputation of the firm has certainly taken a hit. However, this is sadly quite common, like mentioned earlier, anyone can be the victim of a Cyber attack.
As previously mentioned, the reputation of Capita was damaged by this data breach. However, after a Cyber attack, the response from the business or company can improve the situation all-round, just as easily as it can plummet it further into more problems.
Unfortunately, in this case, the response from Capita was… criticised, to say the least.
Specifically, many have complained about Capita’s lack of transparency and its handling of the breach. A report from “The Times” reported that this lack of transparency was caused by mixed messages from Capita to the public along with little communication with customers.
They also reported several staff complaints, with one employee saying, “We’ve not been told anything, no guidance on what to tell customers. I only find updates on this via the papers.”
While it’s true anyone can be a victim of a data breach, the Colchester City Council is quite justified in their criticisms as Capita. This is because further breaches on firms such as Capita could affect the data of millions.
Capita provides a huge number of services to businesses and organisations all over the UK, including the NHS, British Army, Royal Navy, BBC, and fire and rescue operations for the Ministry of Defence.
Richard Block, chief operating officer of Colchester City Council, said: “The privacy and security of personal information are paramount, and we are extremely disappointed that such a serious data breach by one of our contractors has occurred.”
In conclusion, this is a tragic example of the effects of a Cyber attack, as well as how worse it can get when it’s handled poorly. Unfortunately, this is quite a change from our previous blogs, where communication was handled a lot better, for example, Microsoft Exchange’s Crash.
However, it does serve as a reminder that the threat of data breaches and Cyber attacks is ongoing and evolving. Requiring constant vigilance to mitigate the risks.
Furthermore. that’s why at Solutions 4 IT we can’t recommend enough that you have someone in-house or outsourced externally to look after your Cyber security and IT Support needs.
That is the end of our blog on Acer’s most recent Cyber attack. We hope you’ve found this blog informational and interesting.
If so, be sure to stay up-to-date on our latest blog releases, ranging from IT News blogs to Knowledgebase articles. Thank you for reading!