Pension Schemes Scramble to Safeguard Data after Capita Breach

In the wake of a the recent cyber attack on Capita, Britain’s largest outsourcer, hundreds of pension schemes have been instructed to verify whether their data and the data of their customers has been compromised. The Pensions Regulator has urged schemes that employ Capita as an administrator to assess whether their customers personal information is at risk. Providing administration services to approximately 450 organisations representing 4.5 million savers, including Royal Mail, Axa, and PwC, Capita is also a significant UK government contractor. Initially, the company claimed no data had been stolen when cyber gang “Black Basta” hacked its systems in late March. However, Capita later conceded that a still unknown amount of data was taken after customer-held information, such as passport images, home addresses, building floor plans and more began circulating online.

On Sunday, The Pensions Regulator confirmed that it had contacted schemes using Capita to ensure they had been in touch with the company and sought assurances. As reported by The Sunday Times, the letter also reminded trustees of their responsibilities to protect their members’ data. A spokesman for The Pensions Regulator stated, “We take IT security and the risk of cyber attacks extremely seriously. That’s why we have issued guidance for trustees.” He added that if a trustee finds their scheme has suffered data loss, they must notify The Pension Regulator, other authorities, and affected individuals.

Capita’s response to the cyber attack has been criticised by experts as slow, questioning why it took the company so long to admit being hacked – particularly as it appeared to be the victim of overt ransomware. Capita revealed last month that hackers operated within its systems undetected for nine days before being discovered and stopped. While the company has not provided details about the kind of information that may have been taken, it maintains that only a small proportion of its computer servers were compromised (which could still have devastating impacts on those affected). In addition to pension schemes, Capita’s clients include the NHS, the Ministry of Defence, and the BBC, for which it collects the licence fee. The government remains in regular contact with the company, and the National Cyber Security Centre, part of GCHQ, is still seeking reassurances that key national infrastructure has not been compromised.

At One2Call we specialise in Cyber Security services designed to prevent malicious attacks such as this. Our Endpoint Detection and Response platform, paired with our SIEM and 24/7 SOC (Security Operations Centre), mean that businesses can stay protected from Cyber Attacks 24/7/365! EDR uses advanced artificial intelligence to detect suspicious or malicious activity on all endpoints and stop it in its tracks. If you would like to find out more about EDR, click the link below.

Latest News Stories