I had forgot how big Capita are. It's like 492304932 different business units. Shodan Safari is like looking into the sun.

It looks like some of the plc centrally use Okta for authentication.. I hope they enabled Number Verification.

The Times reporter is being verbally briefed as #Capita still don't have email (almost 10 hours in).

They're told: 'There appears to be no risk to personal data processed by the business. The outage seems to be is hitting Office365 programmes including Outlook, Excel and Teams rather than client systems...'

Financial Times have a new article up about #Capita, saying two people familiar with the matter say cyber incident cannot be ruled out.

Curiously all the media articles about it this evening talk about the IT incident in the past tense - but it is still ongoing, it hasn't been resolved.
https://www.ft.com/content/00f9591f-e07a-4339-ba3e-413818602515

Verbal update from #Capita - they’re still restoring internal service, “there is no evidence that any data has been compromised."

They won’t discuss what is happening.

The Times have a report up saying #Capita NHS services staff are working using WhatsApp and Google Drive, rather than approved Microsoft tooling.

Massively concerned by lack of transparency, going to start digging into this tomorrow with officials. https://www.thetimes.co.uk/article/capita-dogged-by-it-problem-for-three-days-wthl2zp5v

#Capita are listed on Black Basta ransomware portal as a victim.

They posted various screenshots of access to personal data (e.g. passport scans), security vetting, nuclear BACS payment details, architecture diagrams, school reports etc - Capita customer data.

#threatintel

http://stniiomyjliimcgkvdszvgen3eaaoz55hreqqx6o77yvmpwt7gklffqd.onion/?id=CAPITA

#Capita's breach is also being sold on the portal, you can pay cryptocurrency for "Remote exclusive server with data of "CAPITA""

Black Basta focus on data exfiltration, traditionally using rclone. Prior reading: https://www.hhs.gov/sites/default/files/black-basta-threat-profile.pdf

I took a look at Capita’s ransomware incident, and look at what they’ve told the media and customers versus the reality of what has happened.

Black Basta ransomware group extorts Capita with stolen customer data, Capita fumble response.

https://doublepulsar.com/black-basta-ransomware-group-extorts-capita-with-stolen-customer-data-capita-fumble-response-9c3ca6c3b283

The Times website has a report this evening about the Black Basta breach of Capita. Capita still deny there is any evidence of data being compromised.. in a story that even includes details of Capita’s office floor plans leaking. #ransomware

https://t.co/3gSWyKp3bE

The Record reports #Capita is "...understood to be working to establish whether the data is authentic or if the extortion group had cobbled it together from other sources."

Maybe the source is cobbled together from Capita Business Services... or Capita Nuclear. Or one of the other Capita business units in the #BlackBasta portal. https://therecord.media/capita-investigates-authenticity-data-leak