Hundreds of pension schemes have been ordered to check whether their data was stolen by cyber criminals during a major hack of Britain’s biggest outsourcer.
In the latest twist following a serious cyber attack on Capita, the Pensions Regulator said it had told schemes that use the company as an administrator to determine whether pensioners’ personal data is at risk.
Capita, which is also a major UK Government contractor, provides administration services to about 450 organisations representing 4.5million savers,
The Telegraph says the company initially stated that there was no evidence of data being stolen when a cyber gang hacked its systems in late March.
But, just weeks later, Capita was forced to admit that an unknown amount of data was in fact taken after information held on behalf of some customers began to circulate online, including passport images, home addresses and even building floor plans.
Written to schemes
On Sunday, the Pensions Regulator confirmed it had written to schemes that use Capita to establish whether they were in touch with the company and had been seeking assurances.
The letter also reminded trustees of their responsibilities to safeguard the data of their members.
In a statement, Capita said it had been in touch with schemes and would keep them updated as an investigation into the hack progressed.
The company’s response to the cyber attack has previously been criticised as slow by experts, who questioned why it took so long for bosses to admit the business had been hacked – given that it appeared to have been a victim of overt ransomware.
A previous statement by Capita revealed that hackers had been operating inside its systems, undetected, for a full nine days before they were discovered and stopped.
The company has not provided any detail about the kind of information that may have been taken, but insists that only a small proportion of its computer servers were compromised.