Capita reveals cyber attack set to cost it up to £20m
The outsourcing firm admitted last month that hackers had accessed its systems for nearly 10 days before the breach was discovered.
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Outsourcing firm and government contractor Capita has revealed it will take a hit of up to £20 million from a recent cyber attack that saw some customer, supplier and staff data accessed by hackers.
The group, which is a major contractor for local authorities, said investigations into the incident suggest that some data was accessed, but that this was from less than 0.1% of its server estate.
It said it has taken “extensive steps” to recover and secure the data contained within the affected server estate, and to “remediate any issues arising from the incident”.
It expects the bill for the cyber attack to reach between around £15 million and £20 million, covering specialist professional fees, recovery and remediation costs, as well as investment to reinforce its cyber security defences and strengthen its IT security.
Capita has ... taken further steps to ensure the integrity, safety and security of its IT infrastructure to underpin its ongoing client service commitments
Capita said it is “working closely with all appropriate regulatory authorities and with customers, suppliers and colleagues to notify those affected and take any remaining necessary steps to address the incident”.
“Capita has also taken further steps to ensure the integrity, safety and security of its IT infrastructure to underpin its ongoing client service commitments,” it added.
Capita admitted last month that hackers had accessed its systems for nearly 10 days before the breach was discovered.
The pensions regulator has reportedly asked hundreds of pension funds that use Capita as an administrator to assess whether their client data may be at risk.
It is thought that information containing Capita data was circulating on the dark web after the breach in March – with reports suggesting this included home addresses and passport images.
Capita’s systems are used to administer pensions for around 450 organisations, including corporate giants Royal Mail and Axa, covering millions of policyholders.
Capita declined to confirm what data was potentially accessed in the attack or how many staff, suppliers and customers were affected.
The attack marks the latest in a recent spate of cyber incidents, with high street retailer WH Smith suffering its second hack in less than a year in March and Royal Mail’s international postal service suffering lengthy disruption after hackers targeted the group.