At the end of March, a cyberattack affected Capita’s systems, resulting in the theft of customer data.

Six weeks after the attack was revealed, Capita warned Universities Superannuation Scheme (USS), the largest private pension scheme in the UK, to assume that their members’ data was stolen.

The USS manages the pensions of over 500,000 UK university and higher education institution members (and their families), investing £82.2 billion (over $102 billion) on their behalf.

Capita warned USS that the hackers accessed about 470,000 active, deferred, and retired members’ personal information, including names, dates of birth, and National Insurance numbers.

While Capita cannot currently confirm if this data was definitively ‘exfiltrated’ (i.e., accessed and/or copied) by the hackers, they recommend we work on the assumption it was. We are awaiting receipt of the specific data from Capita, which we will, in turn need to check and process.


The Capita attack affected up to 350 UK corporate retirement schemes, “making it one of the biggest hacks in British history,” as per The Telegraph.

Black Basta Claims the Attack

Initially, Capita described the outage as a “technical issue,” but three days later the company acknowledged a cyberattack caused the outage.

According to Bleeping Computer, the Black Basta ransomware gang added a private entry for Capita to its data leak site on April 17, threatening to sell allegedly stolen data such as bank account details, addresses, passport scans, and other confidential information.


On April 20th, Capita revealed that the attackers exfiltrated files from roughly 4% of its “server estate,” including customer, supplier, or colleague data. They gained access to Capita’s systems on March 22 and stayed active until March 31, when the company discovered the breach.

On May 5th, Capita published an update saying that “less than 0.1% of its server estate was compromised.”

Following the incident, the company said it expects to incur exceptional costs of up to £20 million (around $25 million).

The Capita Cyber Incident

On 31 March 2023, outsourcing company Capita was the victim of a cyber incident that primarily affected internal access to its Microsoft 365 applications, causing disruptions to customer services.

According to The Guardian, Capita is one of the UK Government’s biggest suppliers, covering “everything from the tax system to recruiting soldiers for the army.”

The incident was of such magnitude that telephone lines serving several public services in the London boroughs of Barking & Dagenham, South Oxfordshire, and Barnet were down that day.

If you want to learn how to mitigate and prevent ransomware or how ransomware spreads, check out our other articles, where we explain everything in detail.

If you liked this article, follow us on LinkedInTwitterFacebook, and YouTube for more cybersecurity news and topics.

Double Extortion Ransomware: The New Normal

Locking Out Cybercriminals: Here’s How to Prevent Ransomware Attacks

Black Basta Ransomware Attacks Global Technology Company ABB (UPDATED)

Five Ways Heimdal® Can Help You Protect Against Ransomware Attacks

Top 10 Endpoint Security Best Practices That Help Prevent Cyberattacks

Ransomware Payouts in Review: Highest Payments, Trends & Stats

Top Cybersecurity Trends – Current Landscape and 2023 Predictions

Most Dangerous Ransomware Groups in 2022 You Should Know About

How to Create a Successful Cybersecurity Strategy

How to Mitigate Ransomware?

Leave a Reply

Your email address will not be published. Required fields are marked *