The Target: Capita is a major UK-based outsourcing and professional services company that provides consulting, digital, and software services to local councils, the NHS, the Ministry of Defense, and organizations in the banking, utilities, and telecommunications sectors.
The Take: Hackers had accessed 4% of Capita’s internal IT infrastructure, and exfiltrated private files hosted on the breached systems.
The Vector: The company announced that it had been targeted by hackers who attempted access to its internal Microsoft 365 environment, forcing some systems offline as part of its response.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.