Capita Cyberattack Hits UK Pension Funds

The recent hacker attack aimed at UK-based business process outsourcing and professional services company Capita could impact hundreds of pension funds and millions of their members.

The largest private pension scheme in the UK, the Universities Superannuation Scheme (USS), revealed on Friday that it had learned from Capita that information on USS members was stored on servers accessed by cybercriminals. 

The information, dating from 2021, include the title, initial, name, date of birth, National Insurance number, and USS member number of roughly 470,000 members. 

“While Capita cannot currently confirm if this data was definitively ‘exfiltrated’ (i.e., accessed and/or copied) by the hackers, they recommend we work on the assumption it was,” USS said

British newspaper The Telegraph has learned from sources that as many as 350 pension funds and millions of their members could be impacted by the Capita breach. 

The IT company said last week that it expects to incur costs ranging between £15 million ($19 million) and £20 million ($25 million) as a result of the incident, but it has not clarified whether the amount includes a ransom payment to the hackers. 

The Black Basta ransomware group, which has taken credit for the attack on Capita, has removed all mentions of the company from its leak website — after initially threatening to sell stolen personal and financial data — which suggests that the cybercriminals have been or are expecting to get paid. 

Advertisement. Scroll to continue reading.

Capita has confirmed the theft of customer and other data from its systems. In its latest update on the cybersecurity incident, the company said data was stolen from less than 0.1% of its servers. However, experts believe that can still be a significant amount of data

Capita is one of the largest business outsourcing providers in the UK and its services are used by many government organizations. Some of these customers have started informing the public about the incident and the actions they are taking in response. 

Related: Ransomware Attack Hits Health Insurer Point32Health

Related: Payments Giant NCR Hit by Ransomware

https://www.securityweek.com/capita-cyberattack-hits-uk-pension-funds/