One of Britain’s biggest outsourcers has admitted that pensions data was “likely” stolen in a Russia-linked cyber attack earlier this year.
Capita, which works with providers including Aviva and Phoenix, has written to City clients saying that pensions data was likely “exfiltrated” by Russian-speaking ransomware gang Black Basta during a serious cyber attack in late March, the Financial Times reported.
In a message sent to clients on Thursday, Capita said: “To be clear, this does not necessarily mean that your data has been identified as exfiltrated, it means that your data was on [Capita] servers from which some data is likely to have been exfiltrated.”
The realisation follows Capita’s internal investigation, which involved searching servers impacted by the hack to understand what data has been lost.
Capita provides administration services to around 450 organisations, including Royal Mail, Axa and PwC.
The company is one of the biggest government contractors. Capita holds a £456m contract to collect and enforce the BBC TV licence fee, runs the Ministry of Defence's military recruitment process, and handles substantial parts of the NHS’s IT services.
Hundreds of pension schemes that use Capita as an administrator were recently told by the watchdog to check whether their pensioners’ personal data was at risk. The Pensions Regulator urged schemes to seek assurances from Capita.
Aviva told the Financial Times earlier this week there was “no evidence” that any data had been accessed, while Phoenix was reported to have had “confirmation” its customers were not impacted.
Capita initially suggested that no data at all was stolen during the cyber attack but was later forced to backtrack after sensitive information – including primary school vetting documents – appeared on the dark web.
The outsourcer told clients on Thursday that there is “no evidence” pensions data is available on the dark web and has recruited a third-party specialist to monitor the situation.
Capita also said it has rebuilt its server systems to reduce the risk of another cyberattack.
The outsourcer told the Financial Times: “Capita continues to work through its forensic investigations and inform any customers, suppliers or colleagues that are impacted in a timely manner.”
Its investigation is expected to conclude by the end of next week.
Capita was contacted for comment.