This post is my 3rd one regarding the data breach at Capita which happened back in March and its really not good news.
Information is now coming to light that the attack has affected up to 350 corporate retirement schemes across the UK, making it the largest data breach in British history.
One of the affected funds is the the Universities Superannuation Scheme (USS), which is the biggest private pension fund in Britain,.
Administrators of the fund said on Friday that 470,000 of its members had had their data accessed by criminals through a piece of Capita software it uses.
Data stolen from the USS included pensioners’ names, dates of birth, and National Insurance numbers among other details.
It is thought similar information has been accessed at other funds.
The software targeted by the cyber criminals is called Hartlink, which pension schemes install on their websites to create a secure link for pensioners to view and manage their investments.
The list of companies thought to use Hartlink is extensive and includes companies such as Axa, EE, BAE Systems and Marks & Spencer among others.
Jon Lewis, Capita’s chief executive, claimed in April that his company’s response to the attack would “go down as a case history for how to deal with a sophisticated cyber attack”.
I think those words will haunt Mr. Lewis for a very long time, as it is becoming apparent that this attack, and Capitas response is nothing like how to deal with a cyber attack.
Many cyber security experts have suspected that Capita paid the ransom to Black Basta due to the fact that the data which was visible on the dark web site disappeared fairly quickly.
Capita have steadfastly refused to say if they paid the ransom, but considering this latest news, it is becoming more likely that the ransom was paid.
More news about this attack will surely come to light over the next few weeks – I’m sure this will not be my last update to this sorry story.