Last week, the Information Commissioner’s Office (ICO), which is the UK’s data protection regulator, published a statement about two significant data breaches at Capita.
The first breach followed a ransomware cyber-attack in March 2023, when criminals exfiltrated some data from Capita’s servers. We believe that over half a million UK pension holders could be affected by this data security incident. The second Capita data breach relates to benefit data that was left on an unsecured Amazon storage platform for years.
In its statement, the ICO said that it was receiving “a large number of reports” about the data protection breaches. And today (30 March 2023), more information has come to light, as the ICO confirms that the number of organisations with reported breaches is now around 90.
We don’t yet know the full list of affected organisations, or which organisations have been affected by which breach. But it’s clear that far more people could be affected by the Capita data breaches than first thought. Capita administers pension funds for several large firms, including Royal Mail and Axa, so millions of policyholders could be at risk.
We do know that the following pension plans and local authorities may have had data compromised in the Capita data breaches.
The USS is the biggest private sector pension plan in the UK. Around 470,000 members may have had their detail stolen in the Capita cyber-attack.
The drinks maker has said that around 32,000 pension members have been affected by the incident.
Capita has confirmed that some Unilever member data may have been accessed by the unauthorised third party.
In 2021 the scheme had 106,000 members with about 53,000 of those pensioners.
Around 50,000 individuals are thought to be affected.
Personal data, including names, dates of birth and National Insurance numbers may have been accessed by hackers. Other valuable information may also have been compromised and we understand financial/bank details were also affected.
Affected pension schemes and local authorities should be in touch to notify individuals involved in the Capita data breaches.
If you receive notification that you are affected by a Capita data breach, register below to receive updates on our investigation. We’ll let you know what’s happening, and if you can make a no-win, no-fee data breach compensation claim.
You should also take steps to protect yourself following the breach. Find out how to do this here.
In our regular update, we provide a roundup of some of the data breaches and… Read More
We have launched a group action against MOVEit/Zellis. Group actions can be a powerful tool… Read More
The number of organisations affected by the MoveIt Data Breach is still rising, despite the… Read More
We have launched a group action against 23andMe. Group actions can be a powerful tool… Read More
The Information Commissioner’s Office (ICO) has launched a joint investigation into the 23andMe data breach… Read More
We have launched a group action against Capita. Group actions can be a powerful tool… Read More