Outsourcer Capita has admitted that some data was leaked during a cyber attack it suffered in late March – believed to be a ransomware attack – “which might include customer, supplier or colleague data”. 

 

The firm, which acts as third-party administrator for many pension funds, first confirmed a “cyber incident” publicly on 3 April. On 16 April, the Sunday Times reported that data is being leaked online which appears to come from Capita, after the firm became aware of the attack on 31 March.  

 

   

Until the latest update, Capita said that its investigations had not yet confirmed any evidence of data having been compromised, but it has now confirmed that "there is currently some evidence of limited data exfiltration from the small proportion of affected server estate”. 

 

In the most recent update, the outsourcing giant known for handling government contracts, explained: “From our investigations to date, it appears that the incident arose following initial unauthorised access on or around 22 March and was interrupted by Capita on 31 March. As a result of the interruption, the incident was significantly restricted, potentially affecting around 4% of Capita’s server estate.” 

 
It said it continues to work through its forensic investigations and will inform any customers, suppliers or colleagues that are impacted by the breach in a timely manner. 

 

The cyber attack meant staff were denied access to Microsoft Office 365 in March, which has now been restored. Capita said the majority of its client services were not impacted and remained in operation and that it “has now restored virtually all client services that were impacted”. 

 

Capita has not revealed if the attack was a ransomware attack or whether restoring systems access involved paying a ransom. 

What measures should trustees have in place to mitigate third party risk?