Site icon Rapid Telecast

Capita’s own pension scheme suffered data breach in March hack

Capita’s own pension scheme  suffered data breach in March hack

Receive free Capita PLC updates

Members of Capita’s own pension fund have been told that their data was stolen in a cyber attack in March that affected dozens of private sector retirement schemes using the outsourcer’s administration services.

“We are informing those we have identified to be affected by the incident, and Capita colleagues are being contacted where necessary as part of that process,” the company said, without giving any details.

The notification sent to Capita’s pension fund members, first reported by the Times, comes more than three months after the hack. The outsourcer said investigations were still ongoing.

The revelations folow the trustee of the PwC pension fund warning members of its defined benefit scheme late last month that dates of birth and retirement had been accessed during the Capita hack. Members had been told in May that names, data including national insurance numbers and member ID numbers could have been compromised. 

In its latest letter to members, the PwC pension trustee said that “Capita could not confirm to us that this information was final, complete and accurate”.

Details of over half a million members of UK’s private sector pension schemes may have been stolen in the Capita cyber attack. USS — the UK’s biggest private sector pension plan — warned in May that the personal data of about 470,000 members may have been stolen during the hack.

The pension schemes of Pearson, Marks and Spencer, Diageo, Unilever, and BAE said that their members’ personal data was likely to have been stolen.

While many affected members have been offered access to a monitoring service, some have said this is insufficient. One USS member described it as a “non-solution that places the onus on the victims to monitor our own potential identity theft”.

Many of those affected have been distressed. “In a way I feel I would like to change my complete identity,” said one PwC pension fund member. “There’s so much of me that’s now out in the hands of somebody else who can choose to use it however they want.”

Capita said it had used third-party consultants to monitor the dark web since the cyber incident occurred and there had been no evidence of any data for sale.

Many pension scheme members are considering taking legal action, with law firm Barings Law initiating proceedings with a pre-action letter to Capita last month in response to the recent data breaches.

The outsourcer handles the data of hundreds of private and public sector clients, including the BBC and the Royal Navy. The cyber attack also affected NHS England, with files containing names and NHS numbers of deceased and deregistered patients among the documents accessed.

Capita has also been criticised for the handling of a separate incident involving its work with local councils after some of its data was stored on an unsecured Amazon data bucket at the end of April.

Despite the fallout, Capita has continued to win contracts. The City of London Police announced in June that the outsourcer had been appointed to operate a contact centre for the reporting of fraud and cyber crime. 

Stay connected with us on social media platform for instant update click here to join our  Twitter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

For all the latest Technology News Click Here 

Read original article here

Denial of responsibility! Rapidtelecast.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@rapidtelecast.com. The content will be deleted within 24 hours.
Exit mobile version