Spectra Assure Free Trial
Get your 14-day free trial of Spectra Assure
Get Free TrialMore about Spectra Assure Free TrialThis week: An unsecured AWS bucket exposed English citizen’s data. Also: A 10 years-long breach on Toyota leaked the data of more than 2 million customers.
Capita, a consulting, transformation and digital services business, is under fire this week for its lack of security hygiene after its Amazon (AWS) bucket containing benefits data on South East England city council residents was left exposed. The victim, Colchester City Council, has been working this week since it discovered the open AWS bucket to make sure its residents haven’t been harmed as a result of the exposure. The Council originally enlisted Capita’s services as a contractor with the intention that Capita would run the end-of-year auditing services for the council tax and benefits.
The Council announced this week that Capita has made the bucket secure and confirmed that the leaked data did not include bank details. What did end up being exposed however were the benefits that local residents received in fiscal years 2019/20 and 2020/21. And as of now, Capita has not found any evidence of the exposed data being used for malicious purposes.
As the Council is continuing to clean up the mess of this exposure, its members are publicly stating their disappointment with Capita. The Council’s chief operating officer, Richard Block, said in a statement that he was “extremely disappointed” that this breach occurred, and also noted that Capita’s failure to meet security standards as their contractor is “unacceptable.” The Council also has plans to hold Capita accountable for the exposure by continuing its own investigation of the incident, as well as working with regulatory authorities.
This incident isn’t the first time Capita has faced cybersecurity issues. Back in late March of this year, Capita had to shut down parts of its internal systems after it detected a digital break-in of its infrastructure, which ransomware gang Black Basta took responsibility for.
Field CISO Ali Khan: How deep scanning protects your data in the cloud
Here are the stories we’re paying attention to this week…
Toyota Motor Corporation disclosed a data breach that exposed the car-location information of 2,150,000 customers between November 6, 2013, and April 17, 2023. The data breach was caused by a database misconfiguration that was accessible to anyone without authentication.
Lacroix is an international designer and producer of embedded and industrial internet of things (IIoT) systems. According to the company, on the night of May 12, it detected a targeted cyberattack that hit its French (Beaupréau), German (Willich) and Tunisian (Zriba) sites that produce electronics systems for critical infrastructure entities.
Government, aviation, education, and telecom sectors located in South and Southeast Asia have come under the radar of a new hacking group as part of a highly-targeted campaign that commenced in mid-2022 and continued into the first quarter of 2023.
A joint analysis conducted by industrial cybersecurity firms Claroty and Otorio discovered multiple flaws in Teltonika Networks’ IIoT products that can expose OT networks to remote attacks. Teltonika Networks is a leading manufacturer of networking solutions, widely adopted in industrial environments, including gateways, LTE routers, and modems.
Mikhail Pavlovich Matveev, a 30-year-old Russian national, has been charged by the U.S. Justice Department for his alleged role in numerous ransomware attacks, including ones targeting critical infrastructure.
Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.
Get your 14-day free trial of Spectra Assure
Get Free TrialMore about Spectra Assure Free Trial