Data breach at civil service scheme puts Capita under pressure

The personal details of nearly 100 people were accessible to other members of the Civil Service Pension Scheme last week in a data breach at administrator Capita. It comes just six months after the firm was fined £14m for failing to ensure the security of personal data, and amid serious payment delays at CSPS. 
 
The data issue was due to a failed link supporting the pension portal, according to the Public and Commercial Services Union, which was informed of the breach by Capita. The portal was shut down in response, but 138 users had already accessed it, potentially seeing the names and addresses of almost 100 other scheme members. 

The 1.5m-member scheme has notified the Information Commissioner’s Office, ministers and the Public Accounts Committee.
 
A spokesperson for the ICO said: "We can confirm we have received a report and are assessing the information provided."
 
The Civil Service Pension Scheme told members that the issue occurred on its portal for around 35 minutes on 30 March, affecting “a small number” of annual benefit statements.
 
“138 members either received personal [annual benefit statements] data belonging to other members and/or had their personal data seen by other members,” it added. “This was identified quickly, ABS functionality was immediately suspended, and a full investigation undertaken.”

The benefit statement function remains offline while the issue is being fixed.

“We sincerely apologise for this issue and any concerns you may have. We take the protection of members’ personal data extremely seriously,” the scheme added. 

The Cabinet Office, which manages the scheme, has asked Capita to provide immediate support to affected members, such as credit monitoring services. 

A Cabinet Office spokesperson said: “We are aware of the incident and take the issue extremely seriously. While only a very small number of members were affected, we are working with Capita to establish the facts and ensure appropriate measures are taken. We will consider further action as required.”

The data breach adds to existing strain between civil servants and Capita, with union PCS saying it further undermines its confidence in Capita’s ability to manage critical public services.  

General secretary Fran Heathcote said: “This is yet another hammer blow to members’ confidence in the administration of their pensions. This government came to office promising the biggest wave of insourcing in a generation. With every failure like this, the case for bringing essential services back in-house gets stronger.” 

The union called the leak “a disappointing end to the bank holiday weekend shutdown, which was intended to improve the services provided by Capita”. 

The data breach follows a £14m fine by the ICO last October because criminals had access to the data of 6.6m people, including sensitive information such as details of criminal records, financial data or special category data. The ICO found that Capita had lacked the appropriate technical and organisational measures to effectively respond to the attack.   
 
The latest issue, though not linked to criminal activity, will be uncomfortable for Capita. Two of the firm’s executives – CEO of Capita Public Service Richard Holroyd* and managing director Chris Clements – appeared before MPs on 26 March because of the delays at CSPS.  
 
The administration of the scheme returned to Capita from MyCSP on 1 December last year, after issues had emerged with MyCSP. Capita said it inherited 86,000 backlog items, instead of the agreed 37,000. In January, unions wrote to the Cabinet Office demanding urgent action as some members experienced long delays to their pensions and lump sums and there were issues with accessing the online portal. 

Capita has sought to address the delays by expanding its team by 50%, but there are still concerns. A retirement modeller tool promised for the end of March is “not functioning and has been rejected by the Cabinet Office”, according to PCS. The union said there were “growing doubts that the company will meet its target to clear the pensions backlog by the end of June”, citing around 20,000 outstanding pension quotes. 
  
 
   
   

How can pensions administrators avoid issues like this?

 
*This article has been updated to clarify that Richard Holroyd is CEO of Capita Public Service
