Yahoo Finance Pensions data ‘likely’ stolen in Capita hack
One of Britain’s biggest outsourcers has admitted that pensions data was “likely” stolen in a Russia-linked cyber attack earlier this year.
Capita, which works with providers including Aviva and Phoenix, has written to City clients saying that pensions data was likely “exfiltrated” by Russian-speaking ransomware gang Black Basta during a serious cyber attack in late March, the Financial Times reported.
In a message sent to clients on Thursday, Capita said: “To be clear, this does not necessarily mean that your data has been identified as exfiltrated, it means that your data was on [Capita] servers from which some data is likely to have been exfiltrated.”
The realisation follows Capita’s internal investigation, which involved searching servers impacted by the hack to understand what data has been lost.
Capita provides administration services to around 450 organisations, including Royal Mail, Axa and PwC.
The company is one of the biggest government contractors. Capita holds a £456m contract to collect and enforce the BBC TV licence fee, runs the Ministry of Defence's military recruitment process, and handles substantial parts of the NHS’s IT services.
Hundreds of pension schemes that use Capita as an administrator were recently told by the watchdog to check whether their pensioners’ personal data was at risk. The Pensions Regulator urged schemes to seek assurances from Capita.
Meanwhile, pension funds have urged savers to “stay vigilant” following the cyber attack, warning them to watch out for hackers who might try to exploit any stolen data.
Last week, the Marks & Spencer Pension Scheme notified pension holders that it was in contact with Capita over the attack.
“Capita provides a range of outsourced services to thousands of clients across several industries and we do not yet know whether the Scheme's data is impacted,” it said in an update to savers.
The scheme said it was working closely with Capita and receiving “regular updates” on the attack and urged savers to watch out for phishing emails that might be trying to take advantage of the hack. The pension fund added: “Due to the public nature of the cyber incident, it's important for members to stay vigilant.”
It added members should double check any emails they receive which claim to be from Capita or from the scheme itself.
Other funds including the Mineworkers' Pension Scheme, Royal Mail's Statutory Pension Scheme and the British Coal Staff Superannuation Scheme also warned savers attempting to log into their pension schemes that Capita was still assessing whether members' data had been compromised.
The Environment Agency Pension Scheme issued a similar warning to savers on Tuesday.
Pension fund manager Aviva told the Financial Times earlier this week there was “no evidence” that any data had been accessed, while Phoenix was reported to have had “confirmation” its customers were not impacted.
Capita initially suggested that no data at all was stolen during the cyber attack but was later forced to backtrack after sensitive information – including primary school vetting documents – appeared on the dark web.
The outsourcer told clients on Thursday that there is “no evidence” pensions data is available on the dark web and has recruited a third-party specialist to monitor the situation.
Capita also said it has rebuilt its server systems to reduce the risk of another cyberattack. Its investigation is expected to conclude by the end of next week.
A Capita spokesman said: “Capita is working closely with specialist advisers and forensic experts in investigating the incident to provide assurance around any potential customer, supplier or colleague data exfiltration.
“Capita continues to work through its forensic investigations and inform any customers, suppliers or colleagues that are impacted in a timely manner.”
