Capita’s personal pension scheme suffered knowledge breach in March hack

Obtain free Capita PLC updates

We’ll ship you a myFT Every day Digest electronic mail rounding up the newest Capita PLC information each morning.

Members of Capita’s personal pension fund have been advised that their knowledge was stolen in a cyber assault in March that affected dozens of personal sector retirement schemes utilizing the outsourcer’s administration companies.

“We’re informing these we’ve recognized to be affected by the incident, and Capita colleagues are being contacted the place obligatory as a part of that course of,” the corporate stated, with out giving any particulars.

The notification despatched to Capita’s pension fund members, first reported by the Instances, comes greater than three months after the hack. The outsourcer stated investigations have been nonetheless ongoing.

The revelations folow the trustee of the PwC pension fund warning members of its outlined profit scheme late final month that dates of start and retirement had been accessed throughout the Capita hack. Members had been advised in Might that names, knowledge together with nationwide insurance coverage numbers and member ID numbers may have been compromised. 

In its newest letter to members, the PwC pension trustee stated that “Capita couldn’t verify to us that this data was ultimate, full and correct”.

Particulars of over half one million members of UK’s personal sector pension schemes might have been stolen within the Capita cyber assault. USS — the UK’s greatest personal sector pension plan — warned in Might that the private knowledge of about 470,000 members might have been stolen throughout the hack.

The pension schemes of Pearson, Marks and Spencer, Diageo, Unilever, and BAE stated that their members’ private knowledge was more likely to have been stolen.

Whereas many affected members have been supplied entry to a monitoring service, some have stated that is inadequate. One USS member described it as a “non-solution that locations the onus on the victims to observe our personal potential identification theft”.

A lot of these affected have been distressed. “In a means I really feel I wish to change my full identification,” stated one PwC pension fund member. “There’s a lot of me that’s now out within the palms of someone else who can select to make use of it nevertheless they need.”

Capita stated it had used third-party consultants to observe the darkish net because the cyber incident occurred and there had been no proof of any knowledge on the market.

Many pension scheme members are contemplating taking authorized motion, with legislation agency Barings Regulation initiating proceedings with a pre-action letter to Capita final month in response to the latest knowledge breaches.

The outsourcer handles the information of a whole bunch of personal and public sector shoppers, together with the BBC and the Royal Navy. The cyber assault additionally affected NHS England, with recordsdata containing names and NHS numbers of deceased and deregistered sufferers among the many paperwork accessed.

Capita has additionally been criticised for the dealing with of a separate incident involving its work with native councils after a few of its knowledge was saved on an unsecured Amazon knowledge bucket on the finish of April.

Regardless of the fallout, Capita has continued to win contracts. The Metropolis of London Police introduced in June that the outsourcer had been appointed to function a contact centre for the reporting of fraud and cyber crime.