
Pension Funds Warn Members Over Capita Breach

The Information Commissioner’s Office (ICO) says it has received about 90 breach reports so far from organisations whose personal data was held by the outsourcer Capita.

Capita was hit by a cyber attack in March and it later emerged the company had left a cache of data unsecured online.

“We are receiving a large number of reports from organisations directly affected by these incidents and we are currently making enquiries,” the ICO said.

Hundreds of thousands of people are being notified that their personal data was affected by the March hack, while Capita says it has secured the exposed online data.


Data breach

Companies who may have been affected by the Capita incidents must notify the ICO within 72 hours of becoming aware of a personal data breach, unless it does not pose a risk to people’s rights and freedoms.

This being the case, the ICO is urging organisations that use Capita to determine whether the personal data they hold has been affected and consider reporting a breach.

If they decide not to report an incident they should keep their own record of it and be prepared to explain why it wasn’t reported if necessary, the ICO said.

Capita has not disclosed details of the March breach, but industry experts have speculated it was a ransomware attack.

Pension funds

The company initially said it did not believe the incident had put personal data at risk, but has since warned that data was probably stolen from a number of large pension schemes it administers.

The pension schemes of Marks and Spencer, Diageo, Unilever and Rothesay are amongst those affected, Capita has said.

The main UK pension fund for universities, the Universities Superannuation Scheme (USS), is also in the process of notifying all of its 500,000 members that their data is at risk.

USS said that “details of USS members were held on the Capita servers accessed by the hackers” and that the attackers potentially accessed members’ names, dates of birth, National Insurance numbers, USS member numbers and retirement dates.

Data ‘secure’

The details, which date from early 2021, cover about 470,000 active, deferred and retired members, USS said.

“While Capita cannot currently confirm if this data was definitively ‘exfiltrated’ (i.e., accessed and/or copied) by the hackers, they recommend we work on the assumption it was,” USS said in a statement.

Capita said it has “worked quickly to provide our clients with information, reassurance and support, while delivering for them as a business” and will continue to provide further support to those affected as needed.

It said the data exposed in the second incident “was secure and no longer accessible and our investigations into this matter are ongoing”.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.
