Capita customer data stolen by ransomware in March
Capita, a public sector outsourcer, confirmed that it experienced a ransomware attack in March 2023, resulting in the theft of confidential customer data from its servers.
The attack is attributed to the Black Basta ransomware group, which claims it is selling the exfiltrated data on the dark web.
Capita believes that the unauthorized access by the ransomware operator occurred on March 22 and lasted for a week before being detected on March 31.
A “second data breach emerged later when it was reported that the firm had left benefits data files in publicly accessible AWS S3 storage.”
At least 90 organisations have reported data breaches relating to the two security incidents at the outsourcing giant.
Evidence suggests that data, potentially including customer, supplier, or colleague information, was exfiltrated from the affected servers. Capita is conducting forensic investigations and will notify impacted customers, suppliers, and colleagues accordingly. The organization has restored internal access to Microsoft Office 365 and most of the affected client services.
Update: on the 6th of July it was reported that Capita had written to some of its own employees to inform them that their personal information had been identified among the stolen data.
This data included:
- names,
- dates of birth,
- marital status,
- addresses,
- postcodes,
- salaries,
- email addresses,
- employment details and history.
Capita stated that it was taking “extensive steps” to recover and secure the data and had appointed a consultant to check that the data was not sold on the dark web. Employees are being offered a year’s free access to a credit-monitoring service.