Capita looking at a bill of £20M over breach clean-up costs
Analyst says expense 'no small drop in ocean' but reputational damage could be 'far greater'
Britain's leaky outsourcing behemoth Capita is warning investors that the clean-up bill for its recent digital break-in will cost up to £20 million ($25.24 million).
At the end of March, the business was blindsided when criminals broke into its tech infrastructure and stayed inside for more than a week before Capita realized it was the victim of a "cyber incident."
The company shut down its systems, pulling access to a range of Microsoft applications, as it tried to head off the attacker/s.
Russian ransomware extortionists subsequently claimed responsibility. External help was hired with forensic investigators combing through the systems to ascertain what happened. Capita said in April that 4 percent of its servers were accessed by the intruder/s and there was evidence some data was stolen.
In a statement to the London Stock Exchange this morning, Capita said work with specialist advisors – the National Cyber Security Centre is helping out – and security experts was ongoing and the total expense is becoming clearer.
"Capita expects to incur exceptional costs of approximately £15m to £20m associated with the cyber incident, comprising specialist professional fees, recovery and remediation costs and investment to reinforce Capita's cyber security environment," the company said.
Unsurprisingly, the tech service biz has "also taken steps to ensure the integrity, safety and security of its IT infrastructure to underpin its ongoing clients service commitments." The high-profile breach will not have been music to the ears of its customer base.
Capita has around £6.5 billion ($8 billion) worth of public and private sector contracts, including with various departments of UK government.
In today's update, it now believes that "some data was exfiltrated from less than 0.1 percent of its server estate. Capita has taken extensive steps to recover and secure the customer, supplier and colleagues data contained within the impacted server estate, and to remediate any issues arising from the incident."
This, of course, could be 0.1 percent of "most sensitive" data, as analysts at Megabyte rightly pointed out in response.
It emerged last week that Capita had written to pension clients – it administers 450 pension schemes with 4.3 million members – to say that their data might have been lifted from its systems. We do not know how many, if any, are actually affected.
Capita said it is working with "all appropriate regulatory authorities and with customers, suppliers and colleagues to notify those affected and take any remaining necessary steps to address the incident."
James Preece, analyst at Megabyte, said the situation at Capita developed from an "initial cyber breach that restricted internal access to a few Office applications into a full-on customer and supplier data exfiltration clanger."
He said £20 million is "no small drop in the ocean, but the reputational damage for a key supplier to critical UK government services such as Capita is likely far greater."
The "debacle" underlines the "importance of a good cyber posture and the cost of getting it wrong," he added. Security researcher Kevin Beaumont has repeatedly pulled Capita across hot coals for what he sees as a lack of transparency in the way it has dealt with the breach. ®