Capita data breach: Investigation reveals personal data belonging to around 100 Adur and Worthing residents was leaked in cyber incident

Personal data belonging to dozens of Adur and Worthing residents was leaked by the councils’ outsourcing contractor

It comes amid a continuing investigation by Adur and Worthing Councils into a data breach involving the systems of contractor Capita.

“Earlier this month the councils became aware of a potential breach at Capita, involving systems the company was managing for Adur and Worthing in February 2021,” a council spokesperson said.

“Capita then wrote to the councils on May 16 this year to highlight the breach. It said that the breach did not involve personal data.

An investigation by Adur and Worthing Councils is continuing into a data breach involving the systems of contractor Capita. Image by Firmbee from Pixabay

“The internal investigation by the councils has involved reviewing each of the files that Capita has said was involved. Unfortunately this has revealed that those files did in fact contain some personal data belonging to around 100 Adur and Worthing residents.”

The councils said they have been able to confirm that there were ‘no names or bank or building society details’ of residents involved and ‘at this stage it considers that the risk to the residents appears minimal’.

In response, a Capita spokesperson said: “We are working with our third-party technical advisors to investigate this issue. The data is secure and no longer accessible. Our investigations into the matter are ongoing. The privacy and security of our client information is of the utmost importance to us.”

Capita said it has already contacted ‘the small number of local authority clients who were affected’, adding: “No other clients were impacted. We wrote to local authorities affected in a timely way, and have provided all data involved.”

The councils are ‘continuing to investigate’ the breach and are liaising with the national cyber security team at the Department for Levelling Up, Housing and Communities, and other local authorities affected, ‘to get further information from Capita’.

An Adur & Worthing Councils spokesperson added: “We are extremely unhappy with both the data breach itself and Capita’s failure to provide us with swift and accurate information about what they have discovered.

“We treat data protection extremely seriously and are currently identifying each and every one of our residents that has been affected.

“At this stage we believe that there is only a minimal risk to our residents but we will be contacting them to make them aware of what has happened and will keep them updated.

“We are also alerting the Information Commissioner to what we have discovered and will continue to investigate how the breach happened.”

There is no need for residents to do anything ‘unless the councils have contacted them on this issue’.

However, if residents have any concerns they can contact the councils’ data protection officer by emailing [email protected].

Capita previously said it has ‘continued to work closely and at speed’ with specialist advisers and forensic experts to ‘investigate and resolve the cyber incident’.

A statement on the company’s website on May 10 read: “As noted previously, the unauthorised intrusion was interrupted by Capita which resulted in the impact of the attack being significantly restricted.

“Capita understands now, based on its own forensic work and that of its third-party providers, that some data was exfiltrated from less than 0.1 per cent of its server estate.

“Capita has taken extensive steps to recover and secure the customer, supplier and colleague data contained within the impacted server estate, and to remediate any issues arising from the incident.

“Capita is working closely with all appropriate regulatory authorities and with customers, suppliers and colleagues to notify those affected and take any remaining necessary steps to address the incident.”

Capita ‘expects to incur exceptional costs’ of approximately £15m to £20m associated with the cyber incident, comprising specialist professional fees, recovery and remediation costs and investment to ‘reinforce Capita’s cyber security environment’.

The company said it has also taken further steps to ‘ensure the integrity, safety and security’ of its IT infrastructure to ‘underpin its ongoing client service commitments’.
