Data Breach

Capita warns customers to assume that their data was stolen

UK outsourcing giant Capita is informing customers that their data may have been stolen in the cyberattack that hit the company in early April.

In early April, the UK outsourcing giant Capita confirmed that its staff was locked out of their accounts on Friday after a cyber incident.

Capita is one of the government’s biggest suppliers, with £6.5bn of public sector contracts, reported The Guardian. The outsourcing firm signed numerous contracts with the Ministry of Defence.

In an update shared on April 3 about the incident, the company announced it has experienced a cyber incident primarily impacting access to internal Microsoft Office 365 applications. 

The attack disrupted some services provided to individual clients, but the company pointed out that the majority of its client services were not impacted.

CapitaCapita

“Our IT security monitoring capabilities swiftly alerted us to the incident, and we quickly invoked our established and practised technical crisis management protocols. Immediate steps were taken to successfully isolate and contain the issue. The issue was limited to parts of the Capita network and there is no evidence of customer, supplier or colleague data having been compromised.” reads the update.

“Working in collaboration with our specialist technical partners, we have restored Capita colleague access to Microsoft Office 365 and we are making good progress restoring remaining client services in a secure and controlled manner.”

On April 17, the Black Basta ransomware gang added Capita to its data leak site, claiming the theft of personal and financial data, including bank account details, physical addresses, and passport scans.

On May 10, the company published a new update that states that some data was exfiltrated from less than 0.1% of its server estate

“Capita expects to incur exceptional costs of approximately £15m to £20m associated with the cyber incident, comprising specialist professional fees, recovery and remediation costs and investment to reinforce Capita’s cyber security environment.” reads the new update.

On April 20, the company published an update to announce that it had experienced a cyber incident that impacted access to internal Microsoft Office 365 applications.

“From our investigations to date, it appears that the incident arose following initial unauthorised access on or around 22 March and was interrupted by Capita on 31 March. As a result of the interruption, the incident was significantly restricted, potentially affecting around 4% of Capita’s server estate.” states the company. “There is currently some evidence of limited data exfiltration from the small proportion of affected server estate which might include customer, supplier or colleague data.”

This week, the company informed Universities Superannuation Scheme (USS), the largest pension scheme in the UK, that their members’ data was stolen as a result of the incident.

Threat actors had access to Capita servers holding details for roughly 470,000 active, deferred, and retired members’ personal information.

Exposed data include names, dates of birth, National Insurance numbers, and USS member numbers.

“While it has been confirmed that USS member data held on Hartlink has not been compromised, we were informed on Thursday 11 May that regrettably details of USS members were held on the Capita servers accessed by the hackers.” reads a statement published by USS. “While Capita cannot currently confirm if this data was definitively “exfiltrated” (i.e., accessed and/or copied) by the hackers, they recommend we work on the assumption it was.”

We are in the final!

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Capita)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Meta stopped covert operations from Iran, China, and Romania spreading propaganda

Meta stopped three covert operations from Iran, China, and Romania using fake accounts to spread…

10 hours ago

US Treasury sanctioned the firm Funnull Technology as major cyber scam facilitator

The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major…

20 hours ago

ConnectWise suffered a cyberattack carried out by a sophisticated nation state actor<gwmw style="display:none;"></gwmw><gwmw style="display:none;"></gwmw>

ConnectWise detected suspicious activity linked to a nation-state actor, impacting a small number of its…

22 hours ago

Victoria’s Secret ‘s website offline following a cyberattack

Victoria’s Secret took its website offline after a cyberattack, with experts warning of rising threats…

2 days ago

China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a…

2 days ago

New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.

GreyNoise researchers warn of a new AyySSHush botnet compromised over 9,000 ASUS routers, adding a…

2 days ago