Capita staffers told attackers stole data from its own pension fund

Capita has informed immoderate of its labor that its ain pension money was among nan victims of a cybercrime onslaught connected its system, resulting successful nan theft of their individual details, they say.

The exertion outsourcing institution – moving contracts worthy hundreds of millions successful nan UK – fto workers cognize their addresses, pension specifications and nationalist security numbers were among nan information taken by a Russian cybercrime group during a strategy breach successful March.

In a missive shared pinch UK newspaper The Times, Capita apparently told unit members a afloat 3 months aft nan breach that it had "identified grounds that nan pursuing individual information relating to you is wrong nan information compromised and/or copied from Capita's systems."

The missive said nan tech institution had hired a advisor to cheque information had not been sold connected nan acheronian web.

The Financial Times besides reported Capita arsenic saying: "We are informing those we person identified to beryllium affected by nan incident, and Capita colleagues are being contacted wherever basal arsenic portion of that process."

A Capita spokesperson told The Reg: "Capita continues to activity intimately pinch master advisers and forensic experts to analyse nan incident and we person taken extended steps to retrieve and unafraid nan data.

"This is simply a analyzable investigation and nan process is ongoing. In statement pinch our erstwhile announcement, we proceed to pass those affected."

The breach first emerged successful March, erstwhile Capita confirmed immoderate of its systems fell complete owed to "an IT issue."

Staff astatine nan London-based elephantine couldn't entree their ain activity email, their Microsoft unreality accounts, and different systems.

Capita took its soul systems offline successful precocious March and days later successful early April confirmed its infrastructure had been attacked. Russian ransomware unit Black Basta claimed responsibility. The institution has worked pinch nan National Cyber Security Centre and different forensic experts to comb done nan wreckage.

• Two apical execs discontinue Infosys specified months aft its president skipped
• Capita faces first ineligible Letter of Claim complete mega breach
• Capita wins £50M fraud reporting statement pinch City of London cops
• More UK councils caught by Capita's unfastened AWS bucket blunder

In May, early investigations indicated that 4 percent of its servers were accessed during nan 9 days nan criminals were inside, but later nan outsourcer revised this to 0.1 percent and admitted it had "evidence" customer information was stolen.

Capita administers 450 pension schemes pinch 4.3 cardinal members. The outsourcing institution has warned them of imaginable unauthorized entree to their information held connected servers progressive successful nan breach.

A spokesperson for The Pensions Regulator told america backmost successful May: "We proceed to activity very intimately pinch strategy trustees, different regulators and Capita. We are calling connected each trustees to activity pinch Capita to understand really their strategy has been impacted, to fulfil their responsibilities arsenic information controllers, and to pass members of nan threat of scams and really to protect themselves. We are pursuing up robustly pinch each pension schemes administered by Capita to guarantee they do so."

Capita is already facing its first ineligible declare complete nan information breach. In June, Barings Law, based successful England's northwest, said it had dispatched a Letter of Claim to Capita to outline its clients' lawsuit and their database of worries.

It is estimated it will costs nan outsourcing biz astir £20 cardinal ($26 million) to cleanable up. ®