Capita says no evidence of data breach after cyberattack

Capita is one of the government’s biggest suppliers with £6.5 billion in public sector contracts

Posted 4 April 2023 by Christine Horton

Government contractor Capita has said there is “no evidence” that any data was compromised after a cyber incident last Friday left staff unable to access systems.

The company, which is a major contractor for local authorities, said the incident also caused disruption to some services. Local authorities, such as Barnet Council in London, reported that the IT issue impacted some customer service lines.

Capita employs more than 50,000 people in Britain and is one of the government’s biggest suppliers. The company has £6.5 billion-worth of public sector contracts, including London’s congestion charge system and recruitment for the army. Its largest government customer is the Department for Work and Pensions (DWP), which has contracted £2 billion of work to Capita, mostly on its disability payment assessment services, although it also serves the National Cyber Security Centre (NCSC), the Cabinet Office and other government agencies.

Along with the London borough of Barnet, Capita also holds contracts with Barking and Dagenham, and with South Oxfordshire council, whose websites displayed messages on Friday saying that phone lines for benefits, council tax and business rates call centres were down.

No access to Microsoft 365

On Monday, Capita said the IT failure primarily affected access to internal Microsoft Office 365 applications.

In a statement the firm said: “On Friday 31st March, Capita plc experienced a cyber incident primarily impacting access to internal Microsoft Office 365 applications. This caused disruption to some services provided to individual clients, though the majority of our client services remained in operation.”

The group’s security monitoring “swiftly alerted” it to the incident and technical crisis management protocols were then put in place, it said.

“Immediate steps were taken to successfully isolate and contain the issue,” the group added, in a statement to the stock market, as per The Independent. “The issue was limited to parts of the Capita network and there is no evidence of customer, supplier or colleague data having been compromised.”

On Monday Capita said it had restored Capita staff access to Microsoft Office 365 and is “making good progress” in restoring remaining client services.