British govt tech supplier Capita crippled by 'IT issue'

Capita, a major business and IT services provider that has scored multi-million-dollar contracts with several UK government agencies, confirmed some of its systems fell over today due to "an IT issue."

Staff at the London-based giant couldn't access their own work email, their Microsoft cloud accounts, and other systems beginning Friday morning. The biz issued a statement on Twitter, and promised more information would be forthcoming.

"Following a technical problem which has affected access to some of our services today, we can confirm that we have identified an IT issue that is primarily impacting our internal systems," the technology outsourcer said.

"The reality is that we've had no access to anything related to Capita's Azure Directory (AD) or Azure Active Directory, which includes VPN and all Microsoft 365 and Azure services," a Register-reading Capita insider told us.

"The company is essentially at a standstill although I'm guessing that they're gathering forensic data prior to restoring AD. There are rumors of an offshore employee clicking on a JavaScript-infected email, but that is exactly that. Rumor and conjecture. No one outside of the Red Team has any real knowledge - which is probably how it should be."

Capita provides a huge number of services for Blighty's National Health Service organizations, as well as the British Army, Royal Navy, and fire and rescue operations for the Ministry of Defence, among other public and private organizations, including O2. 

The company's public-sector contracts total £6.5 billion ($8.2 billion), according to The Guardian. And because its contracted services are so enmeshed with those provided by the British government, the outage sparked concerns about disruptions to critical health and emergency services, as well as a possible nation state cyberattack. 

The Financial Times, citing "people familiar with the matter," said the outage affected Microsoft 365 applications, including Office email and video conferencing. Companies such as O2 that use Capita's call centers also reported broken-down systems and processing delays stemming from the IT snafu.

An unnamed Capita employee told The Guardian they were unable to log into their laptop after their password was rejected as "incorrect."

Additionally, a text message sent to all staff read: "We are urgently investigating this and will provide you with an update shortly. Please do not attempt to access via VPN or submit password recovery requests."

• UK Ministry of Defence takes recruitment system offline, confirms data leak
• What's the price of failure? For Capita, it's a £140m extension to its MoD recruiting contract
• Psst! Infosec bigwigs: Wanna be head of security at HM Treasury for £50k?
• NHS Highland 'reprimanded' by data watchdog for BCC blunder with HIV patients

At press time, the UK Cabinet Office did not respond to The Register's specific inquiries, though issued an earlier media statement saying, "We are aware of an incident affecting some systems within Capita and we are in regular contact with the company as they continue to investigate the issue." 

This latest IT meltdown at Capita comes a year after the UK Ministry of Defence suspended its online application and support services for the British Army's Crapita-run recruitment system after tech issues.

The army was alerted to the behind-the-scenes gremlins, and "that a group of hackers was going to release Army Application Data on the dark web," a source familiar with the matter told The Register at the time. ®