Capita cyber-attack: 90 organisations report data breaches

theguardian.com:

About 90 organisations have reported breaches of personal information held by Capita after the outsourcing group suffered a cyber-attack, Britain’s data watchdog has said.

The company, which runs crucial services for local councils, the military and NHS, experienced the hack, which caused a significant IT outage, in March.

Capita’s systems are used to administer pensions funds for several large firms, including Royal Mail and Axa, covering millions of policyholders.

The attack prompted the Pensions Regulator (TPR) to write to more than 300 pension funds to ask them to check if data was stolen by hackers.

A second data breach emerged in May when it was reported that the London-based firm had left benefits data files in publicly accessible storage, prompting several councils to say they thought their data had been compromised.

The Information Commissioner’s Office (ICO) said that about 90 organisations have so far been in contact with it over the two incidents.

In a statement, the ICO said: “We are aware of two incidents concerning Capita, regarding a cyber-attack in March and the use of publicly accessible storage. We are receiving a large number of reports from organisations directly affected by these incidents and we are currently making inquiries.

“We are encouraging organisations that use Capita’s services to check their own position regarding these incidents and determine if the personal data they hold has been affected. If necessary, consider reporting a data breach to the ICO and we will use this information to inform our next steps.”

As well as holding administering pension funds, Capita is an important government contractor and holds billions of pounds worth of public sector contracts including London’s congestion charge