UK Outsourcing Giant Capita Slammed with £14M Fine After Cyber Hack Exposes 6.6M People’s Data
Read Time:1 Minute, 53 Second
Capita Cyber Breach Bombshell: £14M Penalty for Massive Data Theft Affecting Millions
London, UK – The UK’s data watchdog has slapped outsourcing behemoth Capita with a £14 million fine over a catastrophic 2023 cyber-attack that exposed the personal details of 6.6 million individuals, including sensitive pension records and criminal histories.
The Information Commissioner’s Office (ICO) announced the penalty on Tuesday, slashing an initial £45 million proposal after Capita demonstrated post-breach security upgrades, victim support initiatives, and collaboration with regulators like the National Cyber Security Centre (NCSC).
The breach unfolded on March 31, 2023, when hackers—linked to the Black Basta ransomware group—exploited unpatched vulnerabilities to infiltrate Capita’s systems. They siphoned nearly a terabyte of data before deploying ransomware that locked out 59,000 accounts and forced a global password reset.
Compounding the disaster, Capita took 58 hours to isolate the compromised device, giving attackers free rein to plunder records from 325 pension schemes across 600+ organizations. Stolen info ranged from home addresses and passport scans to financial details, biometrics, and “special category” data like race, religion, sexual orientation, and criminal convictions.
ICO Commissioner John Edwards lambasted Capita’s pre-attack lapses: understaffed security teams, unaddressed known flaws, and skimpy defense testing despite handling millions of records for public and private clients. “Capita failed in its duty to protect the data entrusted to it by millions of people,” Edwards declared.
Capita, which raked in £2.4 billion in 2024 revenue and counts the BBC and government agencies among its clients, vowed not to appeal. CEO Adolfo Hernandez, who joined in 2024, called it a “significant cyber attack” and highlighted bolstered defenses: “We have hugely strengthened our cyber-security resilience and remain vigilant.”
The fallout ripples into compensation claims, with firms like Consumer Voice teaming up with lawyers to aid affected pension holders in seeking redress. It echoes recent breaches, like the Co-op’s 6.5 million customer data theft earlier this year.
Cyber experts hailed the ICO’s move as a market wake-up call. “Companies being held financially accountable for data protection failings is a good thing,” said Trevor Dearing of Illumio. “It sends a message that regulators are serious.” For Capita, the fine underscores the high stakes of safeguarding the digital vaults of modern Britain.
Happy
0 %
Sad
0 %
Excited
0 %
Sleepy
0 %
Angry
0 %
Surprise
0 %
0
0
Average Rating