News

The ICO is receiving a large number of reports about the Capita data breaches

The Information Commissioner’s Office (ICO) – which is the UK’s data protection regulator – has published a statement about the Capita data breaches.

The statement reveals that the ICO is receiving a large number of reports about two data protection breaches at Capita – one of the UK’s most prominent business process outsourcing and professional services companies.

Capita Data Breach One

The first data breach relates to a ransomware cyber-attack that happened in March 2023 when criminals exfiltrated some data from Capita’s servers.  

Capita provides outsourced pension administration services to over 450 pension providers across the UK and several of them have confirmed that they are affected by the breach. So far, we believe that over half a million UK pension holders   could be affected by this data security incident.  

Personal data, including names, dates of birth and National Insurance numbers may have been accessed by hackers. Other valuable information may also have been compromised and we understand financial/bank details were also affected.

Capita Data Breach Two

The second data breach relates to the use of publicly accessible storage. Colchester Council has shared its “extreme disappointment with Capita” after benefits data for 2019-20 and 2020-21 was found on an unsecured storage platform (an unsecured Amazon Data Bucket controlled by Capita). This data security incident is believed to affect several other local authorities. 

The bucket which contained more than half a terabyte of data, had been exposed online and unprotected by a password since 2016. Capita claims that that no personal bank account details have been compromised in this incident.  

The ICO’s statement on the Capita data breaches

The statement from the IC), which was posted on 26 May 2023, reads:  

“We are aware of two incidents concerning Capita, regarding a cyber-attack in March and the use of publicly accessible storage. 
 
“We are receiving a large number of reports from organisations directly affected by these incidents and we are currently making enquiries. We are encouraging organisations that use Capita’s services to check their own position regarding these incidents and determine if the personal data they hold has been affected. If necessary, consider reporting a data breach to the ICO and we will use this information to inform our next steps. 
 
“Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach, unless it does not pose a risk to people’s rights and freedoms. If an organisation decides that a breach doesn’t need to be reported, they should keep their own record of it and be able to explain why it wasn’t reported if necessary.” 

Can you claim compensation for the Capita data breaches?

At KP Law, our cyber experts are investigating the breaches to find out what happened and who is affected.  

If you receive notification that you are affected by a Capita data breach, register below to receive updates on our investigation. We’ll let you know what’s happening, and if you can make a no-win, no-fee data breach compensation claim. 

Deborah Stuttard

Share
Published by
Deborah Stuttard
1 year ago

Recent Posts

Latest Data Breach Round-Up – June 2024

In our regular update, we provide a roundup of some of the data breaches and… Read More

5 months ago

Join our MOVEit/ Zellis Data Breach Action

We have launched a group action against MOVEit/Zellis. Group actions can be a powerful tool… Read More

5 months ago

One year on – the extent of the MOVEit data hack is just becoming clear

The number of organisations affected by the MoveIt Data Breach is still rising, despite the… Read More

5 months ago

Join our 23andMe Data Breach Action

We have launched a group action against 23andMe. Group actions can be a powerful tool… Read More

5 months ago

ICO and Canadian counterpart to investigate 23andMe data breach

The Information Commissioner’s Office (ICO) has launched a joint investigation into the 23andMe data breach… Read More

5 months ago

Join Our Capita Data Breach Action

We have launched a group action against Capita. Group actions can be a powerful tool… Read More

5 months ago