Encircle News!

Retro Game Arcade
, , , , ,

Capita breach fallout widens as customers learn of data theft

Carly Page

The fallout from Capita’s cyber incident continues as customers say the British outsourcing giant has told them to assume that data was stolen by hackers.

The Universities Superannuation Scheme (USS), the U.K.’s largest private pension provider, said on Friday that the personal details of almost half a million members were held on servers accessed during the recent breach.

The USS, which uses Capita’s online pensions administration system Hartlink, said Capita informed it on May 11 that the personal details of 470,000 active, deferred and retired members had potentially been accessed. This data included members’ names, dates of birth, National Insurance numbers, and USS member numbers.

“While Capita cannot currently confirm if this data was definitively ‘exfiltrated’ (i.e., accessed and/or copied) by the hackers, they recommend we work on the assumption it was,” USS said in a statement. “We are awaiting receipt of the specific data from Capita, which we will in turn need to check and process.”

USS said it will contact affected members (and their employers, if applicable) as soon as possible to apologize and provide ongoing support and advice.

When reached by TechCrunch, Capita spokesperson Elizabeth Lee declined to say how many customers may have had data exfiltrated due to the April breach, or whether the company had the technical means, such as logging, to detect what — if any — data was accessed.

The Telegraph reports that the Capita attack affected as many as 350 U.K. corporate retirement schemes, “making it the largest such hack in British history.” Other pension providers that use Capita’s Hartlink system include AT&T Pension Scheme, the Royal Mail Statutory Pension Scheme, and Wincanton Pensions.

Capita said in mid-April that customers’ data might have been breached but added that it only had evidence of a “limited” loss of information which “might include customer, supplier or colleague data.”

While Capita claims data loss was “limited”, a non-public page on the leak site of the Russia-speaking Black Basta ransomware gang, seen by TechCrunch, showed samples of the stolen Capita data, which included bank account details, passport photos and driver’s licenses, and the personal data of teachers applying for jobs at schools. These files have not yet been shared publicly by Black Basta and it’s not known whether a ransom demand was paid.

A second security incident

Capita confirmed a second cybersecurity incident in May.

TechCrunch learned that the London-based firm left 3,000 files, totaling 655 gigabytes in size, exposed to the internet since 2016. At the time, Capita told TechCrunch that the unsecured bucket contained  “information such as release notes and user guides, which are routinely published alongside software releases in line with standard industry practice.”

However, Colchester City Council on Friday confirmed that it recently learned of “the unsafe storage of personal data by its financial services contractor, Capita.” It said that the security lapse, which “affected several other local authorities around the country,” relates to historical data, though it’s not known exactly what data was exposed or whether the incident related to the May data breach.

Scott Collins, a spokesperson for Colchester City Council, confirmed to TechCrunch that the council’s statement relates to Capita’s May data exposure, and screenshots of the data seen show that data pertaining to Colchester City Council was included in the AWS bucket, which has since been secured.

In its Friday statement, Colchester City Council’s chief operating officer Richard Block said the council was “extremely disappointed” about the data breach and is “robustly addressing the matter with Capita.” Collins added that the company doesn’t yet know the “full extent of the breach, nor the exact numbers involved.”

Capita did not respond to TechCrunch’s questions related to the second data breach.

Capita breach fallout widens as customers learn of data theft by Carly Page originally published on TechCrunch

https://techcrunch.com/2023/05/15/capita-breach-fallout-widens-as-customers-learn-of-data-theft/

Follow Us

Featured Posts

December 2024
M T W T F S S
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 1011: The Year in Review – A Look at the Top Stories of 2024 This Week in Tech (Audio)

What's behind the tech industry's mass layoffs in 2024? : NPR Rabbit R1 AI Assistant: Price, Specs, Release Date | WIRED Stealing everything you've ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster. Microsoft delays Recall after security concerns, and asks Windows Insiders for help The Qualcomm Snapdragon X Architecture Deep Dive: Getting To Know Oryon and Adreno X1 Elon Musk: First Human Receives Neuralink Brain Chip Apple hit with €1.8bn fine for breaking EU law over music streaming Bluesky emerges The hidden high cost of return-to-office mandates Apple's Car Was Doomed by Its Lofty Ambitions to Outdo Tesla SpaceX pulls off unprecedented feat, grabs descending rocket with mechanical arms U.S. versus Apple: A first reaction Google Says It Won't Force Gemini on Partners in Antitrust Remedy Proposal U.S. Accuses Chinese Hackers of Targeting Critical Infrastructure in America U.S. Agency Warns Employees About Phone Use Amid Ongoing China Hack AT&T says criminals stole phone records of 'nearly all' customers in new data breach National Public Data confirms breach exposing Social Security numbers Schools Want to Ban Phones. Parents Say No. New York passes legislation that would ban 'addictive' social media algorithms for kids GPT-4o (omni) + new "Her"-style AI assistant (it's nuts) Google emissions jump nearly 50% over five years as AI use surges Trump proposes strategic national crypto stockpile at Bitcoin Conference Ten additional US states join DOJ antitrust lawsuit looking to break up Live Nation and TicketmasterThe Internet Archive just lost its appeal over ebook lending Hezbollah Pagers Explode in Apparent Attack Across Lebanon OpenAI raises $6.6 billion in largest VC round ever Painting by A.I.-Powered Robot Sells for $1.1 Million Netflix's Live Mike Tyson Vs. Jake Paul Fight Battling Sound & Streaming Glitches In Lead-Up To Main Event Infowars Sale to The Onion Rejected by Federal Bankruptcy Judge Supreme Court agrees to hear challenge to TikTok ban So You Want to Solve the NJ Drone Mystery? Our Expert Has Some Ideas Beeper's push for iMessage on Android is really over The Quiet Death of Ello's Big Dreams Japan finally ends mandatory form submission on floppy disks We'll Miss You: Pioneering instant messaging program ICQ is finally shutting down after nearly 30 years Spotify is going to break every Car Thing gadget it ever sold Game Informer to Shut Down After 33 Years In Memoriam Host: Leo Laporte Guests: Fr. Robert Ballecer, SJ, Richard Campbell, and Mikah Sargent Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: bitwarden.com/twit
  1. TWiT 1011: The Year in Review – A Look at the Top Stories of 2024
  2. TWiT 1010: The Densest State in the US – TikTok Ban, Drones Over Jersey, GM Quits Robotaxis
  3. TWiT 1009: Andy Giveth & Bill Taketh Away – Trump's Tech Titans, Crypto Boom, TikTok's US Ban, Intel CEO Exits
  4. TWiT 1008: Internet Legal – Australia's Social Media Ban for Kids, Smart Home Nightmare, Bluesky's Ascent
  5. TWiT 1007: All the Hotdogs in the World – China's "Salt Typhoon" Hack, Google on the Chopping Block, Recall AI