Capita, the British outsourcing company that provides critical services to the British government, says hackers may have gained access to customer data in a cyberattack last month.
The London-based outsourcing giant, whose clients include the NHS, the British Army and the Department for Work and Pensions, said in a statement rack on Thursday that the investigation into the March attack has uncovered evidence of “limited data exfiltration” that “may include customer, supplier or colleague data.”
Capita did not say how many customers were affected or what types of data were used. Russ Lynch, a spokesman for the agency representing Capita, told businessupdates.org the company would not comment beyond his statement.
Well, a Sunday Times report claimed that the Russian-speaking Black Basta ransomware group, which claimed responsibility for the attack, had published personal bank account information, passport photos and addresses, along with personal details of teachers applying for jobs in schools.
The gang is also believed to be responsible for the recent attack on US satellite television provider Dish.
At the time of writing, Capita is not listed on Black Basta’s dark web leak site, which ransomware groups typically use to extort companies to pay a ransom for not publishing stolen data.
Capital first confirmed that it had had an “IT problem” at the end of March, before later admitting on April 3 that a “cyber incident” was the cause of the outage, which prevented staff from accessing its VPN for login and Microsoft 365 services. At the same time, Capita claimed it had “no evidence that customer, supplier or colleague data had been compromised”.
The cyber attack also disrupted some of the services Capita provides to customers. Reports claim that local authorities, such as Barnet Council in London, were impacted by customer service lines, and companies using Capita for call center services, such as the O2 mobile network, were also affected.
UK government services also experienced disruption, according to Cabinet Office spokesman Conor Walsh, who told businessupdates.org the incident “mainly affected internal processes with minimal impact on government departments.”
“We are aware of the cyber incident that affected Capita and are still in regular contact with the company,” said the spokesperson. Capita has £6.5 billion ($8 billion) in public sector contracts, according to the Sunday Times.
In the latest update, Capita said it has now restored “virtually all affected client services” and restored employee access to Microsoft 365.
Thursday’s statement also confirms that hackers first compromised Capita’s internal systems on March 22, about nine days before Capita “interrupted” the March 31 breach.
“As a result of the outage, the incident was significantly mitigated, potentially affecting approximately 4% of Capita’s server park,” the statement read. “Capita is continuing its forensic investigations and will promptly notify any customers, suppliers or colleagues affected by this.”
The Information Commissioner’s Office, which enforces UK data protection laws, confirmed to businessupdates.org that “Capita has reported an incident to us and we are reviewing the information provided.”
