Security researcher finds treasure trove of Capita data exposed online
Just weeks after the company admitted to a data breach that potentially affected customer data, TechCrunch has learned that London-based outsourcing giant Capita left a wealth of data exposed online for seven years.
Requesting anonymity, a security researcher tipped TechCrunch off to an unprotected Amazon-hosted storage bucket, which Capita secured last week.
The AWS bucket, which the researcher says has been open to the web since 2016, contained about 3,000 files with a total size of 655 GB. The bucket had no password, allowing anyone who knew the easy-to-guess web address to access the files. Details of the exposed cloud server were also captured by GrayHatWarfare, a searchable database that indexes publicly visible cloud storage.
According to a sample of filenames reviewed by TechCrunch, the exposed data includes software files, presenter photos, and numerous Excel spreadsheets, PowerPoint presentations, and text files. The security researcher told TechCrunch that one of the text files contained login details for one of Capita’s systems, with some filenames indicating that data was loaded into the exposed bucket as recently as this year.
It isn’t clear whether data on Capita customers, a list that includes the UK’s National Health Service and the Department for Work and Pensions, is included in these files. “I will guess that some of these items should not be accessible on the web since they’ve since closed the bucket,” the security researcher told TechCrunch.
Capita was warned of the data breach in late April and secured the bucket that same week. The security researcher who reported the breach to Capita told TechCrunch that while the exposed bucket was promptly closed, the company did not have a responsible disclosure program or a dedicated security officer.
Capita spokeswoman Elizabeth Lee declined to answer TechCrunch’s questions.
The researcher said he believed this incident had nothing to do with the late-March Capita cyberattack claimed by the Black Basta ransomware group. The extent of that incident is unknown, although Capita acknowledged last month that it saw evidence of “limited data theft” that “may include customer, supplier or colleague data”.
Examples of leaked data seen by TechCrunch include bank account details, passport photos and driver’s licenses, and personal data of teachers applying for jobs in schools. These files aren’t publicly shared by Black Basta. It’s unknown whether the ransom demand was paid.