UK Regulators Urge Capita PLC Clients to Assess Effects of Data Breach

On
March
22,
2023,
Capita
PLC
(“Capita”)
experienced
a
cyber
incident
which
it
announced
in
a

press
release
on
April
3,
2023
and
an

update
on
April
20,
2023.
Capita
identified
the
incident
on
March
31,
2023,
and
confirmed
the
incident
caused
disruption
to
some
services
provided
to
individual
clients,
which
has
now
been
resolved.
On
April
21,
2023,
the
UK
Information
Commissioner’s
Office
(“ICO”)
issued
a

statement
confirming
that
Capita
reported
the
incident
and
the
ICO
is
investigating.
The
ICO
also
noted
that
other
organizations
affected
by
the
incident
should
“consider
their
position[s]”
and,
if
necessary,
submit
a
breach
notification.

Since
the
ICO
statement,
the
UK
Pensions
Regulator
has
asked
trustees
responsible
for
funds
that
use
Capita
as
an
administrator
to
assess
whether
clients’
data
is
at
risk.
In
a
letter
written
by
the
Pensions
Regulator,
it
urged
funds
to
“determine
whether
there
is
a
risk
to
their
scheme’s
data.”
In
addition,
the
UK
Financial
Conduct
Authority
(“FCA”)
has
urged
FCA-regulated
firms,
such
as
funds
and
insurers
who
engage
with
Capita,
to
determine
whether
any
data
they
are
responsible
for
has
been
affected
by
the
incident.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts