In May 2023, Capita – which provides outsourced pension administration services to over 450 pension providers – was hacked. As a result, over half a million UK pension holders have had their personal data breached.
We don’t yet know the full extent of the Capita data breach. However, the following organisations have confirmed that they are affected:
- The Universities Superannuation Scheme (USS)
The USS is the biggest private sector pension plan in the UK. Around 470,000 members may have had their detail stolen in the Capita cyber-attack.
- Diageo
The drinks maker has said that around 32,000 pension members have been affected by the incident.
- Unilever
Capita has confirmed that some Unilever member data may have been accessed by the unauthorised third party.
- Marks and Spencer
In 2021 the scheme had 106,000 members with about 53,000 of those pensioners.
- Rothesay
Around 50,000 individuals are thought to be affected.
- PwC pension scheme
A letter from the trustees of the PwC pension scheme confirms that member data has been exfiltrated.
- BAE Systems
Following a detailed investigation, Capita notified the Trustee that, personal details of approximately 8,000 pensioner members with SIPS benefits were included in copies of the data that were taken by the cyber attackers.
- Capita
Capita has told some of its employees that their personal data, including names, addresses and national insurance numbers, were stolen in the data hack.
Personal data, including names, dates of birth and National Insurance numbers may have been accessed by hackers. Other valuable information may also have been compromised and we understand financial/bank details may also be affected.
At KP Law, our cyber experts are investigating the breach to find out exactly what happened and who is affected. We have launched a group action to help victims of this data breach claim compensation, and we are already representing hundreds of clients in this action.
Our action against Capita is being led by Kingsley Hayes – Head of Privacy & Data Litigation, and arguably the UK’s most experienced data breach lawyer. Having successfully helped clients get justice and compensation following breaches at Ticketmaster and British Airways, Kingsley is putting the strength of his team behind this action to do the same for victims of the Capita data breach.
Speaking about the Capita hack, Kingsley said: “We have been investigating this case since the day the breach was announced, and we believe that, while Capita was hacked, poor processes within the business ultimately made a successful attack possible. To put it bluntly, Capita negligently lost the confidential data.
We now represent clients across 23 separate pension schemes, with more joining our action daily. In addition, two leading Unions have appointed our firm to provide legal assistance to their members. While Capita is playing down the extent and implications of this breach in the media, it is clear that its public pronouncements do not match the reality of the notifications being made to pension scheme administrators.
“The damage that can be done with the compromised information should not be underestimated. Our data protection lawyers have seen victims of similar data breaches become the target of cybercriminals, with instances of phishing, fraud, and identity theft. As such, victims of the Capita hack must be vigilant. Some individuals have been offered credit monitoring following the breaches. We strongly recommend that this is accepted as it will help to detect any fraudulent attempts to use the compromised personal data.
“If we are right, and security failures at Capita made this hack possible, it must be held accountable. We are already helping hundreds of victims to claim compensation for the loss and distress they are experiencing because of this hack, and we encourage anyone else involved in this shocking data protection failure to register with us today.”
KP Law runs all its data breach actions –including the Capita group action – on a no-win, no-fee basis.
Capita data breach support for scheme administrators
As well as helping claimants get justice and compensation through our group action, KP Law is also offering support to pension schemes suffering the consequences of the Capita data breach through no fault of their own.
Empowering scheme administrators to take charge of the rectification process on their members’ behalf, KP Law can provide legal services to scheme members and help schemes to support their members’ compensation claims for damages against Capita. Providing a streamlined solution that removes the hassle from the process, KP Law is protecting schemes, and their members at this critical time.
Any scheme administrator who wishes to discuss our proposition should contact Kingsley directly.