Lawyer sees almost 1,000 complainants sign up to Capita breach class action
95% pertain to pension schemes administered by outsourcing giant, says Barings Law
The law firm that last month sent a Letter of Claim to Capita over a security breach in late March says it has signed up nearly 1,000 clients as it prepares a class action lawsuit aimed at the outsourcing giant.
UK-based Capita confirmed the cyber-burglary in early April, saying at the time intruders had spent nine days on the inside of its IT systems before they were spotted. Some 0.1 percent of Capita servers were accessed and it had evidence that data had been exfiltrated, including personal and corporate information.
In May, the tech services company wrote to pension clients – it administers 450 schemes in Britain with 4.3 million members – to inform them that some of their data was housed in the systems that were potentially accessed. The Pension's Regulator advised clients to speak to Capita to ascertain the risk.
The Universities Superannuation Scheme (USS), Britain's largest private pension plan, also warned its half a million members of the potential dangers, saying data on Capita's servers related to 470,000 active, deferred and retired members, and Capita had advised them to assume some data had been accessed or copied.
Step forward Barings Law, the Manchester-based solicitor that sent a Letter of Claim to Capita in June to outline the case for its clients, which at that point totaled 250 individuals. This week the solicitor claims it has "signed up almost 1,000 clients."
A representative told us: "95 percent of Baring's clients relating to this are pension clients. The rest are former or current employees of Capita."
According to the USS, for example, the data accessed by Capita's intruders could include the pension member's titles, initials and name, date of birth, National Insurance number and USS member number.
- Capita staffers told attackers stole data from its own pension fund
- Capita wins £50M fraud reporting contract with City of London cops
- Another security calamity for Capita: An unsecured AWS bucket
- More UK councils caught by Capita's open AWS bucket blunder
Alex Mathewson, a 68-year-old retired miner from Barnsley, is among the individuals being represented by Barings Law. "When you've given nearly 50 years of blood, sweat and tears and then you're told something like this has happened, you feel let down," he said via a statement from the solicitor.
He is a member of the Mineworkers Pension Scheme, administered by Capita, which wrote to customers last month to say their data might have been compromised in the breach, and to look out for fraud attempts.
No papers have yet been served to court by Barings Law, and Capita had three months to reply to the Letter of Claim sent weeks ago. The solicitor previously told us: "Capita may respond to say they are investigating this breach as due to the size and nature of the breach these investigations take time. The ICO will also be investigating (18-24 months for this to be finalised). Capita could wait for ICO to conclude their investigation before fully responding.
"If Barings Law issue to court at this stage and do not have a substantive response, the Judge may want to know why they did not wait before issuing in the high court. For this reason, it is common practice to wait before a firm issues in the high court. This could take 18-24 months from today."
Capita continues to investigate the breach with the help of external specialists, and reckons the total cost of the clean-up will be in the region of £20 million, though analyst Megabuyte pointed out that reputational damage will be far greater.
The Information Commissioner's Office previously said around 90 organizations have reported breaches of personal data stored by Capita.
Capita declined to comment. ®