Capita, a business process outsourcing company, has warned its customers following a cybercriminal incident in the firm’s systems last month.
The company has advised the Universities Superannuation Scheme (USS) to act on the assumption that threat actors may have stolen its members’ data. USS is a large private pension scheme in the UK and manages the pensions of approximately half a million members from UK universities and Higher Education institutions, with investments totalling around $102 billion.
Capita has informed USS that the cybercriminal operation compromised the data of active and retired members.
The USS servers breached by threat actors stored approximately 470,000 active, retired, and deferred members’ personal information, including names, dates of birth, USS member numbers, and National Insurance numbers.
While the company could not confirm whether the threat actors have exfiltrated or copied this information, it has suggested that its customers plan for the worst-case scenario and assume that the actors have stolen the data.
The company is still investigating and searching for additional details of the attack. They reported the incident to the ICO and stated they would investigate and provide suggestions to improve their relations with USS.
Capita has also notified the Pensions Regulator and the Financial Conduct Authority about the attack. According to industry sources, the incident has affected 350 United Kingdom corporate retirement schemes, making it the largest hack in Great Britain.
Initially, the company described the security incident as a technical problem. However, when it disclosed the attack three days later, it acknowledged that the weekend-long temporary shutdown resulted from a cybercriminal operation.
The attack could be related to a recent Black Basta ransomware campaign, since the group has recently added a private entry for Capita to its data leak website. The cybercriminal group used a private link and threatened to sell an allegedly stolen database, including personal bank account details, passport scans, and addresses.
Capita has advised its customers to be cautious and to take appropriate measures to protect their personal information. The company has also taken all necessary steps to investigate the issue and prevent similar security incidents from recurring.