Capita Recommends Its Customers to Assume Their Data Was Stolen
While Capita Cannot Confirm if Data Was “Exfiltrated,” they Recommend to Assume it Was.
At the end of March, a cyberattack affected Capita’s systems, resulting in the theft of customer data.
Six weeks after the attack was revealed, Capita warned Universities Superannuation Scheme (USS), the largest private pension scheme in the UK, to assume that their members’ data was stolen.
The USS manages the pensions of over 500,000 UK university and higher education institution members (and their families), investing £82.2 billion (over $102 billion) on their behalf.
Capita warned USS that the hackers accessed about 470,000 active, deferred, and retired members’ personal information, including names, dates of birth, and National Insurance numbers.
While Capita cannot currently confirm if this data was definitively ‘exfiltrated’ (i.e., accessed and/or copied) by the hackers, they recommend we work on the assumption it was. We are awaiting receipt of the specific data from Capita, which we will, in turn need to check and process.
The Capita attack affected up to 350 UK corporate retirement schemes, “making it one of the biggest hacks in British history,” as per The Telegraph.
Black Basta Claims the Attack
Initially, Capita described the outage as a “technical issue,” but three days later the company acknowledged a cyberattack caused the outage.
According to Bleeping Computer, the Black Basta ransomware gang added a private entry for Capita to its data leak site on April 17, threatening to sell allegedly stolen data such as bank account details, addresses, passport scans, and other confidential information.
On April 20th, Capita revealed that the attackers exfiltrated files from roughly 4% of its “server estate,” including customer, supplier, or colleague data. They gained access to Capita’s systems on March 22 and stayed active until March 31, when the company discovered the breach.
On May 5th, Capita published an update saying that “less than 0.1% of its server estate was compromised.”
Following the incident, the company said it expects to incur exceptional costs of up to £20 million (around $25 million).
The Capita Cyber Incident
On 31 March 2023, outsourcing company Capita was the victim of a cyber incident that primarily affected internal access to its Microsoft 365 applications, causing disruptions to customer services.
According to The Guardian, Capita is one of the UK Government’s biggest suppliers, covering “everything from the tax system to recruiting soldiers for the army.”
The incident was of such magnitude that telephone lines serving several public services in the London boroughs of Barking & Dagenham, South Oxfordshire, and Barnet were down that day.