Mon-Thu 09:00-18:00 | Fri 09:00-17:00

Capita data breach carried out by Russian hackers could affect the data of millions

Last month, it was reported that Capita, the outsourcing and professional services specialist and government contractor, suffered a cyber-attack in March. Originally, it was stated that customer, supplier or colleague data may have been accessed. Recent developments have found that the attack was carried out by the Russian hacking group, Black Basta, who have since leaked Capita customer data which is now circulating on the dark web.

The Sunday Times reported that The Pensions Regulator had written to hundreds of pension funds trustees that use Capita to administer their schemes, asking them to investigate whether the personal details of millions of clients had been breached following the Capita data breach.

Earlier today, the Financial Times reported that Capita had written to pension clients confirming that some data it processed was likely to have been hacked during the incident. This could affect millions of people’s data, as Capita is one of the UK’s largest outsourcers to the private and public sectors and is one of the UK government’s biggest contractors.

If your data has been breached as a result of the Capita hack, you could be entitled to claim compensation. Even if you don’t directly deal with Capita, they may still hold and manage your data as an outsourced service provider. For example, Capita’s systems administer the pensions of around 4.5 million people on behalf of 450 organisations, including AXA, Royal Mail, and PwC, and they manage the administration of the UK government Teachers’ Pension Scheme.

In this article, we’ll outline the details of the Capita data breach, including all information that has been reported about who it may affect and what data could have been accessed. Read on to find out more.

Image of the Capita website with a magnifying glass in front of it magnifying the Capita symbol.

What happened during the Capita cyber incident?

Capita announced, on 3 April 2023, that it had experienced a cyber incident, which primarily impacted access to internal Microsoft 365 applications. From their investigations, they found that the incident occurred following initial unauthorised access on or around 22 March 2023 and was interrupted by them on 31 March 2023. In a statement posted on their website, they said:

Capita continues to work through its forensic investigations and will inform any customers, suppliers, or colleagues that are impacted in a timely manner.”

It is believed that companies using Capita for call centre services, such as O2, were affected, while a number of council customer service lines were impacted, too.

A Capita spokesperson told The Register, “We continue to work closely with specialist advisers and forensic experts in investigating the incident.”

“We are in constant contact with all relevant regulators and authorities. Our investigations have not yet been able to confirm any evidence of customer, supplier, or colleague data having been compromised.”

These regulators include the UK’s Information Commissioner’s Office and an ICO spokesperson has confirmed Capita reported a network “incident” to them, and they are assessing the information provided.

More recently, it has been reported that in correspondence sent to trustees on Thursday [4 May 2023], the contents of which the Financial Times has seen, Capita said, “said a large team of staff had searched the servers that had been affected by the attack to understand what data might have been lost.”

From those investigations, it found that some pensions data that Capita processes on behalf of its clients “is likely to have been exfiltrated.”

“To be clear, this does not necessarily mean that your data has been identified as exfiltrated, it means that your data was on [Capita] servers from which some data is likely to have been exfiltrated,” it said in the message.

Capita told trustees it expected the investigations to be finalised “by the end of next week or shortly thereafter”. It added that there was “no evidence” that Capita pensions data was available on the dark web and that it had a third-party specialist checking regularly. As a result of the hack, it has rebuilt its server infrastructure to reduce the risk of an incident like this occurring again.

Image of a screen with 3 blue padlocks and one red padlock opened on a screen full of numbers and letters.

What data has been affected by the Capita data breach? 

In their statement, Capita said the cyber incident affected around 4% of Capita’s server estate and that “There is currently some evidence of limited data exfiltration from the small proportion of affected server estate which might include customer, supplier or colleague data.”

Since then, however,  the Sunday Times has revealed that passport pictures, bank account details, home addresses and phone numbers of purported Capita clients have been uploaded onto the dark web. They also said the personal data belonging to teachers applying for jobs at schools has also been listed for sale by foreign cybercriminals. The group also claims this is just a sample of the data they have stolen from Capita.

In a letter sent by The Pensions Regulator to hundreds of trustees who independently manage company pensions, it said:

“As a data controller, you need to gain assurance that your data processed by Capita is secure and take action as necessary to protect your members… Please tell us what steps you have taken to meet your obligations as a data controller.”

Capita’s systems administer the pensions of around 4.5 million people on behalf of 450 organisations, including AXA, Royal Mail and PwC, and schools throughout the UK. It’s believed that Capita’s systems would have access to staff salaries, the value of pensions accrued and bank account details. The Pensions Regulator has asked companies to work with Capita to determine whether their data has been compromised.

A spokesperson for the Pensions Regulator said:

We take IT security and the risk of cyberattacks extremely seriously. In light of the cyber incident directed at Capita, we have asked trustees of schemes which employ Capita as their administrator to speak with the company to understand more about the situation and to help determine whether there is a risk to their scheme’s data.”

Capita said: “Since March 31, we have been in regular contact with trustees and regulators, and we will keep them updated as our investigation into the cyber incident progresses.” 

“We continue to work closely with specialist advisers and forensic experts in investigating the incident,” a Capita spokesperson told The Register.

“We are in constant contact with all relevant regulators and authorities. Our investigations have not yet been able to confirm any evidence of customer, supplier, or colleague data having been compromised.”

Capita state that once they have completed their investigation, they will inform all parties affected by the security breach, if necessary.

Image of a hackers typing on a laptop with screens featuring phrases such as security breach, attack, malware, and virus detected over it

The response since the Capita breach 

Many have complained about Capita’s lack of transparency and their handling of the breach. The Times quoted a source at a big Capita customer who criticised the company’s communications, saying:

“I’d say they are in big danger of turning a crisis into a calamity. Mixed messages in public, little communication with customers and, if this was a serious ransomware incident, as some have claimed, and they know some data was accessed or taken, they have a responsibility to communicate transparently. A company of that size should know better and should be more in control of their messages.”

They also reported several staff complaints, with one employee saying, “We’ve not been told anything, no guidance on what to tell customers. I only find updates on this via the papers.” 

This breach is incredibly alarming as it could affect the data of millions. Capita provides a huge number of services to businesses and organisations all over the UK, including the NHS, British Army, Royal Navy, BBC, and fire and rescue operations for the Ministry of Defence. It also holds many UK Government contracts, including the administration of the UK government Teachers’ Pension Scheme and several English Councils, as well as many other public and private organisations, including O2, BMW, and Scottish Power.

According to Capita, it expects investigations to be finalised “by the end of next week or shortly thereafter”. So, we may get a clearer picture of exactly who has been affected and what data was accessed then.

Image of a keyboard up close with a red neon warning symbol above the word 'BREACHED' hovering over the keyboard

Can I claim compensation for the Capita data breach? 

If it is uncovered that your data has been compromised as part of the Capita data breach, whether it was stored through a third-party company using their services or not, you could be entitled to claim compensation.

The nature of the data stored by Capita, coupled with the reports that personal data stolen during the Capita cyber-attack was leaked onto the dark web, make this breach particularly distressing. Personal information such as names, addresses, phone numbers, salary information, passport photographs, and bank account details, to name just a few, could have been breached.

This can lead to severe repercussions for those affected, including identity theft, fraud, and financial losses, as well as leaving individuals open to phishing scams – not to mention the emotional distress caused by the thought of your information being accessed and handled by criminals.

Under General Data Protection Regulation (GDPR) and the Data Protection Act 2018, companies that store the personal data of individuals have a legal right to store it safely and in line with regulations. This includes putting adequate protections in place to keep it safe from cyber-attacks and hackers. If they fail to do so, it can put your data at risk, and legal action can be taken against them.

HNK Solicitors can help with your data breach claim 

If you have been affected by the Capita data breach, you could be entitled to claim compensation. HNK Solicitors can help you to make a successful data breach claim and get you the compensation you deserve for any losses and distress caused by the breach.

When making a data breach claim, it’s always a good idea to consult an expert data breach solicitor, as they have a deep understanding of the law and regulations around data protection and can therefore ensure you get the full amount you’re entitled to.

Get in touch with our team today to arrange a free consultation to discuss the details of your claim. Call us on 0151 668 0810, email us at enquiries@hnksolicitors.com, or fill in our online claim form today.

Related Posts

Get in touch

Fill out the below form and one of our advisors will get in touch to arrange a consultation about your claim.

Recent Articles

Policeman and police motorcycle behind cordon tape at an accident or crime scene
Can I claim against the police?
March 22, 2024
Image of a person's legs lying on the floor next to a car. Car accident concept image.
HNK recover £99,700 for claimant injured during an attempted robbery on his vehicle
March 7, 2024
Photograph of two British transport police officers stood inside a train station.
Kent Police officer jailed for six months for inappropriate relationship with suspect
March 7, 2024
Call Us Claim Now