Capita admits some pension data 'likely' to have been accessed in March breach

Capita is telling pension customers that some data contained within its systems was potentially accessed when criminals broke into the outsourcing giant's tech infrastructure earlier this year.

The business admitted to a "cyber incident" – that nebulous phrase which downplays the significance of an attack – in March, when miscreants spent nine days inside the company's systems.

As part of the ongoing investigation, Capita said in April around 4 percent of its servers were accessed by the intruder and some customers, colleagues and suppliers' data was lifted. Russian extortionist crew Black Basta claimed responsibility, saying it had floated some of the stolen data for sale, including Capita documents marked confidential, passport scans, bank account details and more.

Now it has emerged that the UK outsourcing giant, which has around £6.5 billion worth of contracts, has written to pension customers to confirm that data it processes for them may have been accessed, according to letters seen by the Financial Times.

"To be clear, this does not necessarily mean that your data has been identified as exfiltrated, it means that your data was on [Capita] servers from which some data is likely to have been exfiltrated," the company said.

The probe Capita is going through, with help from forensic investigators, should be completed by the end of next week, the letter added. Capita also said it had not seen any pension data on the dark web and had a third-party specialist verifying this regularly. The server infrastructure was rebuilt to minimize the risk of a similar incident.

A spokesperson told us: "Capita is working closely with specialist advisors and forensic experts in investigating the incident to provide assurance around any potential customers, supplier or colleague data exfiltration.

• Criminal records office yanks web portal offline amid 'cyber security incident'
• Capita to see wave of UK government contracts come to an end by 2025
• UK Ministry of Defence takes recruitment system offline, confirms data leak
• Co-Operative Bank today 'terminated' Capita's outsourcing contract years before it was due to expire

"Capita continues to work through its forensic investigations and inform any customers, suppliers or colleagues that are impacted in a timely manner."

The London Stock Exchange-listed business administers more than 450 pension schemes with 4.3 million members. We do not know how many of these or which ones are affected, if any.

A legal specialist that works at a Capita pension client told the FT that trustees and managers are still "struggling" to "get data specific to their scheme's situation." Obviously they want to know whether their data was exposed and if it is now in criminal hands.

The Pensions Regulator (TPR) told us it is advising clients about the breach: "This is an ongoing situation with more detail emerging daily. We are in contact with trustees, other regulators and Capita. We have directed trustees to TPR and ICO [Information Commissioner's Office] guidance to help them in communicating with scheme members and we are speaking to Capita about what they are able to share with trustees.

"In light of the cyber incident directed at Capita, we have asked trustees of schemes which employ Capita as their administrator to speak with the company to understand more about the situation and to help determine whether there is a risk to their scheme's data.

"If a trustee establishes that their scheme has suffered a data loss, they have a duty to notify TPR, other authorities and impacted individuals. Our communication requires trustees to read TPR's and the ICO guidance on cyber and IT security and to make sure they are familiar with their responsibilities." ®