Capita, a UK-based outsourcing company, announced it will have costs of up to £20m after a cyber breach earlier this year.

The company, which provides consulting services to over 150 pension schemes, said it was taking steps to secure its systems after the incident compromised data within less than 0.1% of its server estate. 

Capita said it will have to spend up to £20m on tightening its cybersecurity as well as paying specialist professional fees. 

Sensitive pension information held by Capita, including passport images and addresses, reportedly began being posted on the dark web after the hack in March. 

“Capita is working closely with all appropriate regulatory authorities and with customers, suppliers and colleagues to notify those affected and take any remaining necessary steps to address the incident,” a company spokesperson said. 

Despite the cyber breach, Capita said it is still trading on track with predictions, and has posted in-year-revenue of £449m for the first four months of the year, a 16% increase on last year. 

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Shortly after the breach in March, 2023, the UK’s Pensions Regulator asked trustees responsible for funds that use Capita as an administrator to check if data had been breached.

Brian Higgins, security specialist at Comparitech, told Verdict: “It makes perfect sense for the regulator to advise Capita clients to seek information from the source.

“Were they to make public any kind of list, it would be open season for every cybercrime organisation to fire up their SIM-farms or staff-up their call centres and phishing campaigns to go after every potential customer.”

Capita said it has been in regular contact with authorities since the hack and will remain vigilant with the investigation. 

GlobalData is the parent company of Verdict and its sister publication.