Almost six weeks after Capita – The UK outsourcing company which runs many government and private company schemes – admitted to the fact that they had been targeted by a cyber attack, the company has warned the largest private pension scheme in the UK (Universities Superannuation Scheme (USS)), to react to the incident under the assumption that their members’ data was stolen.
The attack which Capita initially played off as being a minor issue that had affected 0.1% of its server estate has now become the UKs biggest data breach with just the USS portion affecting as many as 470,000 members. Factor in the fact that Capita are suggesting that as many as 350 pension schemes may have been impacted.
In a statement from USS on Friday, the organisation said that whilst it is not certain that active, deferred, and retired members’ personal information, including names, dates of birth, National Insurance numbers, and USS member numbers had been exfiltrated in the attack, it should be assumed that it has.
USS go on to say that they “have reported the incident to the ICO and will work with them on any investigation they choose to conduct and any recommendations they might subsequently make to USS. We have also informed the Pensions Regulator and the Financial Conduct Authority.”
The statement also says that USS are awaiting receipt of specific data from Capita, which they will need to check and process and that they will be writing to each of the members affected by this – and, where applicable, their employers – as soon as possible to make them aware, to apologise for any distress or inconvenience caused, and to provide ongoing support and advice.
It still remains to be seen exactly the scale of this data breach, and I fully expect more updates on this topic as time progresses.