Colchester City Council is continuing its investigations in response to the unsafe storage of personal data by its financial services contractor, Capita.
Capita has been entrusted with the crucial task of providing the council's end-of-year auditing services for council tax and benefits. This involves extracting information from the council's secure systems. However, recent events have brought to light the fact that Capita has failed to maintain the necessary standards for data protection.
The benefits data files include details of the benefits people are in receipt of. This is historic data and relates to the 2019/20 and 2020/21 financial years. The data, along with similar information from other local authorities, was found on an unsecured Amazon Data Bucket controlled by Capita. Capita has confirmed that it has since been made secure and we can confirm that the data does not include any bank details.
Capita has informed us their investigations are continuing, but we have requested they provide additional information to confirm the extent of the data breach as quickly as possible. They have informed us that there is currently no evidence of any malicious use of Colchester’s data.
Richard Block, Colchester City Council’s Chief Operating Officer, said: “The privacy and security of personal information is paramount, and we are extremely disappointed that such a serious data breach by one of our contractors has occurred.
“We require all parties involved in the handling of sensitive information to adhere to the highest standards of data protection and it is unacceptable that Capita has failed to meet these required standards. As a result, we are considering what further action may be appropriate regarding Capita.
“Upon becoming aware of this incident, the records in question were immediately secured, and we continue to investigate the incident to ensure that all necessary measures are, and remain, in place. We have reported the incident to the appropriate regulatory authorities and will cooperate fully with any investigation or any further actions required.
“We have been assured by Capita that no personal bank account details have been compromised, but we understand any data breach is a concern. We expect a full explanation and remedy from the company and for them to apologise directly to those affected.”
Page last reviewed: 17 May 2023