Colchester City Council is continuing an investigation in response to the unsafe storage of personal data after a “serious data breach” by one of their financial services contractors.
The local authority has been using Capita for providing the council’s end-of-year auditing services for council tax and benefits. This involves extracting information from the council’s secure systems.
However, the council says recent events have brought to light the fact that Capita has failed to maintain the necessary standards for data protection. The benefits data files include details of the benefits people are in receipt of.
READ MORE: Major Southend house fire leaves people homeless as blaze completely destroys home
This is historic data and relates to the 2019/20 and 2020/21 financial years. The data, along with similar information from other local authorities, was found on an unsecured Amazon Data Bucket controlled by Capita.
Capita has confirmed that it has since been made secure and we can confirm that the data does not include any bank details.
A spokesperson for Colchester City Council said: “Capita has informed us their investigations are continuing, but we have requested they provide additional information to confirm the extent of the data breach as quickly as possible. They have informed us that there is currently no evidence of any malicious use of Colchester’s data.”
Richard Block, Colchester City Council’s Chief Operating Officer, said: “The privacy and security of personal information is paramount, and we are extremely disappointed that such a serious data breach by one of our contractors has occurred.
“We require all parties involved in the handling of sensitive information to adhere to the highest standards of data protection and it is unacceptable that Capita has failed to meet these required standards. As a result, we are considering what further action may be appropriate regarding Capita.
“Upon becoming aware of this incident, the records in question were immediately secured, and we continue to investigate the incident to ensure that all necessary measures are, and remain, in place. We have reported the incident to the appropriate regulatory authorities and will cooperate fully with any investigation or any further actions required.
“We have been assured by Capita that no personal bank account details have been compromised, but we understand any data breach is a concern. We expect a full explanation and remedy from the company and for them to apologise directly to those affected.”
Capita has been approached for a response.