
"Capita has been fined £14 million by the Information Commissioner's Office (ICO) for serious data protection failures following a major cyber-attack in March 2023 that compromised the personal details of 6.6 million people across the UK. The attack, which saw hackers infiltrate Capita's systems and extract nearly one terabyte of sensitive data, affected customers, pension scheme members, and staff of one of Britain's largest outsourcing firms."
"In its report, the ICO described the incident as "a systemic failure to apply basic cyber hygiene", concluding that the breach caused "significant distress and anxiety" for millions of people whose financial, employment, and personal data was exposed. According to the regulator, Capita detected the breach within 10 minutes of the hackers gaining access but failed to isolate the infected device for 58 hours, a delay that allowed ransomware to spread and data to be exfiltrated."
A March 2023 cyber-attack on Capita compromised the personal details of 6.6 million people and saw nearly one terabyte of sensitive data extracted. The stolen material included financial data, criminal record checks, and special category data revealing race, religion, sexual orientation, and health status. The ICO described the incident as a systemic failure to apply basic cyber hygiene and found known vulnerabilities, an understaffed security operations centre, and inadequate testing of defences. Capita detected the breach within 10 minutes but did not isolate the infected device for 58 hours, allowing ransomware to spread and data to be exfiltrated. The penalty totals £14 million, split between Capita plc and Capita Pension Solutions after reductions for remediation and cooperation.
Read at Business Matters