{"id":89524,"date":"2023-05-05T09:45:00","date_gmt":"2023-05-05T09:45:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=89524"},"modified":"2023-05-05T09:45:00","modified_gmt":"2023-05-05T09:45:00","slug":"capita-pension-clients-told-data-may-have-leaked","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=89524","title":{"rendered":"Capita pension clients told data may have leaked"},"content":{"rendered":"
<\/div>\n

Outsourcer Capita has told some pension provider clients that data it processed on their behalf was compromised in the March 2023 Black Basta ransomware<\/a> attack on its systems.<\/p>\n

According to the Financial Times<\/i><\/a>, which was first to break the story, Capita wrote to trustees yesterday (Thursday 4 May) to inform them that having examined the impacted servers, it had identified that pensions data was \u201clikely to have been exfiltrated\u201d.<\/p>\n

In the message, a copy of which was leaked to the newspaper, Capita told those contacted that this did not necessarily mean their data had been stolen, rather that their data was known to be hosted on one of the affected servers.<\/p>\n

Capita said it expected to complete its investigations in the next seven days, but that there was no evidence any of the data had appeared on the dark web. It has supposedly rebuilt its server infrastructure from the ground up to avoid a repeat of the incident.<\/p>\n

In a statement, Capita said: \u201cCapita is working closely with specialist advisers and forensic experts in investigating the incident to provide assurance around any potential customer, supplier or colleague data exfiltration.\u201d<\/p>\n

\u201cCapita continues to work through its forensic investigations and inform any customers, suppliers or colleagues that are impacted in a timely manner,\u201d the firm\u2019s spokesperson said.<\/p>\n

The latest twist in Capita\u2019s unfortunate tale comes amid mounting criticism from customers and security experts in regard to how the outsourcer \u2013 which runs IT operations across a vast swathe of the UK\u2019s public sector \u2013 responded to the incident.<\/p>\n

In its initial statement on the matter, Capita said: \u201cThe issue was limited to parts of the Capita network and there is no evidence of customer, supplier or colleague data having been compromised.\u201d However, it is now abundantly clear this was not the case.<\/p>\n

According to the Financial Times<\/i>, pension clients have been \u201cstruggling\u201d to get Capita to share any information with them more than a month after the cyber attack came to light, and are increasingly concerned their pension schemes have been affected.<\/p>\n

Both The Pensions Regulator and Financial Conduct Authority have been in touch with Capita clients<\/a> to tell them to establish whether or not they have been affected, and to report to the Information Commissioner\u2019s Office (ICO) if so.<\/p>\n

The ICO has additionally confirmed it has received reports of downstream data breaches arising from the Capita incident.<\/p>\n

Capita has also been attacked for its disclosure management. Writing in early April<\/a>, independent security researcher Kevin Beaumont said the outsourcer had been too slow to publicly respond to the attack and had failed to be transparent with its customers, waiting a number of days before confirming the 31 March outage initially said to be an IT incident was in fact a cyber attack<\/a>.<\/p>\n

It waited longer still to reveal it was dealing with a ransomware attack<\/a>, and did not confirm this was the case until several days after Black Basta had begun hawking its customers\u2019 data on the dark web.<\/p>\n","protected":false},"excerpt":{"rendered":"

Outsourcer Capita has told some pension provider clients that data it processed on their behalf was compromised in the March 2023 Black Basta ransomware attack on its systems. According to the Financial Times, which was first to break the story, Capita wrote to trustees yesterday (Thursday 4 May) to inform them that having examined the […]<\/p>\n","protected":false},"author":1,"featured_media":89525,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-89524","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/89524","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=89524"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/89524\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/89525"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=89524"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=89524"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=89524"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}