The Week in Security: Capita AWS bucket exposes benefits data, Toyota leaks customer data on 2M

This week: An unsecured AWS bucket exposed English citizen’s data. Also: A 10 years-long breach on Toyota leaked the data of more than 2 million customers.

This Week’s Top Story

Capita’s unsecured AWS bucket led to a benefits data exposure of British residents

Capita, a consulting, transformation and digital services business, is under fire this week for its lack of security hygiene after its Amazon (AWS) bucket containing benefits data on South East England city council residents was left exposed. The victim, Colchester City Council, has been working this week since it discovered the open AWS bucket to make sure its residents haven’t been harmed as a result of the exposure. The Council originally enlisted Capita’s services as a contractor with the intention that Capita would run the end-of-year auditing services for the council tax and benefits.

The Council announced this week that Capita has made the bucket secure and confirmed that the leaked data did not include bank details. What did end up being exposed however were the benefits that local residents received in fiscal years 2019/20 and 2020/21. And as of now, Capita has not found any evidence of the exposed data being used for malicious purposes.

As the Council is continuing to clean up the mess of this exposure, its members are publicly stating their disappointment with Capita. The Council’s chief operating officer, Richard Block, said in a statement that he was “extremely disappointed” that this breach occurred, and also noted that Capita’s failure to meet security standards as their contractor is “unacceptable.” The Council also has plans to hold Capita accountable for the exposure by continuing its own investigation of the incident, as well as working with regulatory authorities.

This incident isn’t the first time Capita has faced cybersecurity issues. Back in late March of this year, Capita had to shut down parts of its internal systems after it detected a digital break-in of its infrastructure, which ransomware gang Black Basta took responsibility for.

Field CISO Ali Khan: How deep scanning protects your data in the cloud

News Roundup

Here are the stories we’re paying attention to this week…

Data of more than 2 million Toyota customers exposed in ten years-long data breach (Security Affairs)

Toyota Motor Corporation disclosed a data breach that exposed the car-location information of 2,150,000 customers between November 6, 2013, and April 17, 2023. The data breach was caused by a database misconfiguration that was accessible to anyone without authentication.

Lacroix closes production sites following ransomware attack (Security Week)

Lacroix is an international designer and producer of embedded and industrial internet of things (IIoT) systems. According to the company, on the night of May 12, it detected a targeted cyberattack that hit its French (Beaupréau), German (Willich) and Tunisian (Zriba) sites that produce electronics systems for critical infrastructure entities.

Researchers uncover powerful backdoor and custom implant in year-long cyber campaign (The Hacker News)

Government, aviation, education, and telecom sectors located in South and Southeast Asia have come under the radar of a new hacking group as part of a highly-targeted campaign that commenced in mid-2022 and continued into the first quarter of 2023.

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack (Security Affairs)

A joint analysis conducted by industrial cybersecurity firms Claroty and Otorio discovered multiple flaws in Teltonika Networks’ IIoT products that can expose OT networks to remote attacks. Teltonika Networks is a leading manufacturer of networking solutions, widely adopted in industrial environments, including gateways, LTE routers, and modems.

U.S. offering $10 million reward for Russian man charged with Ransomware attacks (Security Week)

Mikhail Pavlovich Matveev, a 30-year-old Russian national, has been charged by the U.S. Justice Department for his alleged role in numerous ransomware attacks, including ones targeting critical infrastructure.