Around 90 organisations have reported breaches of personal data held by Capita after a ransomware attack in March.
Capita, which is a major contractor for local authorities, originally denied the breach, saying there was “no evidence” that any data was compromised.
At the time the incident caused disruption to some services. Local authorities, such as Barnet Council in London, reported that the IT issue impacted some customer service lines.
Now, the Information Commissioners Office (ICO), has said that so far around 90 organisations had been in contact regarding Capita. Capita says it has taken steps to secure the data, but hundreds of thousands of people are now being warned that they could have been affected by the hack.
“We are receiving a large number of reports from organisations directly affected by these incidents and we are currently making enquiries,” said the ICO in a statement on its website.
One of the government’s biggest suppliers
Capita employs more than 50,000 people in Britain and is one of the government’s biggest suppliers. The company has £6.5 billion-worth of public sector contracts, including London’s congestion charge system and recruitment for the army. Its largest government customer is the Department for Work and Pensions (DWP), which has contracted £2 billion of work to Capita, mostly on its disability payment assessment services, although it also serves the National Cyber Security Centre (NCSC), the Cabinet Office and other government agencies.
Many company pension schemes administer payments through Capita and its clients also include councils.
If you liked this content…
Along with the London borough of Barnet, Capita also holds contracts with Barking and Dagenham, and with South Oxfordshire council, whose websites after the attack displayed messages saying that phone lines for benefits, council tax and business rates call centres were down.
Pensions data at risk
Following the first cyberattack, it emerged in May that Capita had left a repository of files unsecured online.
The company said: “Capita continues to work closely with specialist advisers and forensic experts to investigate the cyber incident and we have taken extensive steps to recover and secure the data.”
The BBC reports that a number of councils have said they believe personal data was put at risk, although Capita initially told journalists it did not believe that this was the case.
The ICO is encouraging organisations to see if personal data they hold has been affected by the attack or by the exposed data.
The cyberattack in March hit a number of pension funds which use a Capita system called Hartlink.
Earlier this month, The Pensions Regulator (TPP) wrote to more than 300 pension funds asking them to check if their data had been put at risk by the attack.
