Related Articles
Hundreds of pension schemes have been ordered to check whether their data was stolen by cyber criminals during a major hack of Britain’s biggest outsourcer.
In the latest twist following a serious cyber attack on Capita, The Pensions Regulator said it had told schemes that use the company as an administrator to determine whether pensioners’ personal data is at risk.
Capita, which is also a major UK government contractor, provides administration services to about 450 organisations representing 4.5 million savers, including Royal Mail, Axa and PwC.
The company initially claimed that there was no evidence of data being stolen when the cyber gang “Black Basta” hacked its systems in late March.
But just weeks later, Capita was forced to admit that an unknown amount of data was in fact taken after information held on behalf of some customers began to circulate online, including passport images, home addresses and even building floor plans.
On Sunday, The Pensions Regulator confirmed it had written to schemes that use Capita to establish whether they were in touch with the company and had been seeking assurances.
The letter, which was first reported by The Sunday Times, also reminded trustees of their responsibilities to safeguard the data of their members.
A spokesman for The Pensions Regulator said: “We take IT security and the risk of cyber attacks extremely seriously. That’s why we have issued guidance for trustees.
“In light of the cyber incident directed at Capita, we have asked trustees of schemes which employ Capita as their administrator to speak with the company to understand more about the situation and to help determine whether there is a risk to their scheme’s data.
“If a trustee establishes that their scheme has suffered a data loss, they have a duty to notify The Pension Regulator, other authorities and impacted individuals.”
In a statement, Capita said it had been in touch with schemes and would keep them updated as an investigation into the hack – already a month old – progressed.
The company’s response to the cyber attack has previously been criticised as slow by experts, who questioned why it took so long for bosses to admit the business had been hacked – given that it appeared to have been a victim of overt ransomware.
A statement by Capita last month revealed that hackers had been operating inside its systems, undetected, for a full nine days before they were discovered and stopped.
The company has not provided any detail about the kind of information that may have been taken but insists that only a small proportion of its computer servers were compromised.
Alongside pension schemes, other clients include the NHS, the Ministry of Defence and the BBC, for which Capita collects the licence fee.
The Government remains in regular contact with the company, with the National Cyber Security Centre, part of GCHQ, previously revealing it was still seeking reassurances from Capita that key national infrastructure had not been compromised.
There was no evidence that any government systems had been compromised so far, a senior figure from NCSC told the Telegraph in April.
Source link
