Capita tells employees: Personal data stolen in March hack

Executives first said hack was 'Just a small breach'

Capita tells employees: Personal data stolen in March hack

Capita has told some of its own employees that their personal information was compromised in a Russian cyberattack earlier this year.

In a letter to affected staff, Capita said it had identified evidence indicating that some personal data - including national insurance numbers, addresses and pension details - was "compromised and/or copied from Capita's systems."

"We are informing those we have identified to be affected by the incident, and Capita colleagues are being contacted where necessary as part of that process," the company said, according to the The Financial Times.

The acknowledgment comes after a delay of over three months since the cyberattack's initial disclosure.

According to The Times, staff members expressed shock and upset due to the delay in notifying them about the impact of the breach.

Although they had been told at the end of May that some individuals might be affected, staff had had no further communication since then.

One employee told The Times that the hack was downplayed during internal meetings, with Capita executives referring to it as "just a small breach."

Capita's recent letter mentions that the company had engaged the services of a consultant to verify whether the data had been sold on the dark web.

A Capita spokesperson gave the standard line in these situations: the company is working with forensic experts and cybersecurity professionals to investigate, and taking "extensive" measures to recover and secure the data.

"This is a complex investigation and the process is ongoing. In line with our previous announcement, we continue to inform those affected," the spokesperson said.

Government supplier at scale

As a supplier with contracts valued at £6.5 billion in the public sector, Capita is one of the largest contractors to the UK government.

The company, which boasts a workforce of more than 50,000 employees in the UK, provides services to customers including the British Army and the Royal Navy. It also works with fire and rescue operations for the Ministry of Defence, the London boroughs of Barnet, Barking and Dagenham, and South Oxfordshire.

The company has a significant contract with HM Revenue and Customs to automate specific tax collection processes.

It also has a contract worth £456 million with the BBC, to manage the collection of the licence fee.

A developing attack

The Capita breach first came to light in March, when the company acknowledged that certain systems had experienced disruptions attributed to an "IT issue."

It later admitted that cybercriminals had successfully infiltrated its systems and went undetected for approximately 10 days.

Initially, Capita had confidently claimed that no customer data had been compromised.

However, the company revised its stance a week later and issued an update acknowledging that certain information may indeed have been stolen.

In May, Capita alerted investors to the possibility of incurring a financial setback of up to £20 million as a result of the attack.

Capita is now facing its first legal claim in relation to the data breach.

In June, Barings Law, an England-based law firm, announced that it had sent a Letter of Claim to Capita, outlining its clients' case and addressing their concerns regarding the breach.

Capita is not the only major company to experience a cyberattack in recent months.

In April, payroll giant SD Worx had to temporarily suspend all IT systems for its UK and Ireland services, after detecting malicious activity.

In May, hackers affiliated with the ransomware group Clop targeted users of the MOVEit Transfer file-sharing tool, stealing data from several companies and organisations in different countries.