Regulators have urged UK pensions schemes to investigate whether they have suffered data breaches following a cyber attack on outsourcer Capita.
The Pensions Regulator on Sunday said it had written to the hundreds of pension funds that employ Capita to administer their payment systems, urging them to “determine whether there is a risk to their scheme’s data”.
London-listed Capita disclosed earlier this month that hackers might have accessed customer data following a cyber attack on its servers in March.
The Pensions Regulator wrote to more than 300 pension funds, which include a mix of private-sector defined benefit and defined contribution schemes, according to a person familiar with the matter.
In the letter, which was first reported by the Sunday Times, the regulator asked trustees to contact Capita to find out whether their data could have been caught up in the breach, and reminded schemes of the responsibility to disclose any data losses to individuals and regulators.
“We take IT security and the risk of cyber attacks extremely seriously,” the regulator said in a statement.
The USS, the UK’s largest private sector pension plan, contracts Capita to administer its pensions software for more than 465,000 members. USS did not immediately respond to a request seeking comment on whether it received a letter from the regulator.
Capita is a major outsourcer to both the private and public sectors and is one of the UK government’s biggest contractors.
The company provides IT services among its businesses, which also include running the London congestion charging zone, collecting the BBC licence fee and overseeing training for the Royal Navy.
Capita in late March first disclosed an “IT issue” that left staff unable to access some systems and disrupted services provided to local authority clients.
The outsourcer confirmed on April 20 that there had been a data breach and that hackers may have accessed customer and internal data. It said the incident affected about 4 per cent of its servers, and that it had found “some evidence of limited data exfiltration”.
It added that hackers accessed its servers on or around March 22, and it had managed to interrupt the operation on March 31 and had “significantly restricted” the incident.
The company has refused to confirm or deny whether the data breach formed part of a ransomware attack.
“Since March 31st we have been in regular contact with trustees and regulators, and we will keep them updated as our investigation into the cyber incident progresses,” Capita said in a statement on Sunday.
Ransomware attacks and other data breaches are a growing problem for global businesses, and have recently been reported at a supplier to the world’s largest semiconductor equipment manufacturers, Japan’s Fujitsu and the UK’s Royal Mail.
A September report from consultancy PwC found that only 14 per cent of global companies surveyed had not suffered a data breach in the past three years.
Comments are closed, but trackbacks and pingbacks are open.