Categories: CyberCrimeSecurity

Pension Funds Warn Members Over Capita Breach

The Information Commissioner’s Office (ICO) says it has received about 90 breach reports so far from organisations whose personal data was held by the outsourcer Capita.

Capita was hit by a cyber attack in March and it later emerged the company had left a cache of data unsecured online.

“We are receiving a large number of reports from organisations directly affected by these incidents and we are currently making enquiries,” the ICO said.

Hundreds of thousands of people are being notified that their personal data was affected by the March hack, while Capita says it has secured the exposed online data.

Image credit: Sora Shimazaki/Pexels

Data breach

Companies who may have been affected by the Capita incidents must notify the ICO within 72 hours of becoming aware of a personal data breach, unless it does not pose a risk to people’s rights and freedoms.

This being the case, the ICO is urging organisations that use Capita to determine whether the personal data they hold has been affected and consider reporting a breach.

If they decide not to report an incident they should keep their own record of it and be prepared to explain why it wasn’t reported if necessary, the ICO said.

Capita has not disclosed details of the March breach, but industry experts have speculated it was a ransomware attack.

Pension funds

The company initially said it did not believe the incident had put personal data at risk, but has since warned that data was probably stolen from a number of large pension schemes it administers.

The pension schemes of Marks and Spencer, Diageo, Unilever and Rothesay are amongst those affected, Capita has said.

The main UK pension fund for universities, the Universities Superannuation Scheme (USS), is also in the process of notifying all of its 500,000 members that their data is at risk.

USS said that “details of USS members were held on the Capita servers accessed by the hackers” and that the attackers potentially accessed members’ name, date of birth, National Insurance number, USS member number and retirement dates.

Data ‘secure’

The details, which date from early 2021, cover about 470,000 active, deferred and retired members, USS said.

“While Capita cannot currently confirm if this data was definitively ‘exfiltrated’ (i.e., accessed and/or copied) by the hackers, they recommend we work on the assumption it was,” USS said in a statement.

Capita said he has “worked quickly to provide our clients with information, reassurance and support, while delivering for them as a business” and will continue to provide further support to those affected as needed.

It said the data exposed in the second incident “was secure and no longer accessible and our investigations into this matter are ongoing”.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Google Must Face Trial In Ad Tech Monopoly Case

Google loses bid for summary judgement as judge says 'too many facts in dispute' as…

7 hours ago

Silicon In Focus Podcast: Feeding the Machine

Learn how your business can meet the challenges associated with managing data across multiple platforms…

8 hours ago

Apple, Meta Likely To Face EU Antitrust Charges

Apple, Facebook parent Meta reportedly likely to face EU antitrust charges before August under new…

8 hours ago

Adobe Shares Jump On AI Success

Adobe shares post biggest gains in more than four years after it reports user take-up…

8 hours ago

Winklevoss’ Gemini To Pay $50m In Crypto Fraud Settlement

Winklevoss twins' Gemini Trust to pay $50m to settle cypto fraud claims over failed Gemini…

9 hours ago

Meta Delays EU AI Launch After Privacy Complaints

Meta delays Europe launch of AI in Europe after user, privacy group complaints over plans…

9 hours ago