Particle.news
Download on the App Store
10 ARTICLES
·
3h ago

ICO Fines Capita £14 Million Over 2023 Cyberattack

Regulators lowered the figure after post-attack improvements.

Capita's logo is pictured on a smartphone in front of an electronic display showing the same logo in this illustration taken, December 4, 2021. REUTERS/Dado Ruvic/Illustration
Image
Image
Nearly one terabyte of data was infiltrated, affecting around 6.6 million customers

Overview

  • Under a voluntary settlement, the ICO split the penalty between Capita plc (£8m) and Capita Pension Solutions (£6m).
  • The March 2023 breach affected about 6.6 million people and 325 pension clients, exposing pension and staff records and, in some cases, special category data.
  • The ICO found a 58-hour delay in quarantining an infected device, an understaffed security operations centre, and no tiered admin controls, enabling privilege escalation and lateral movement.
  • Attackers exfiltrated roughly 1 TB of data before deploying ransomware on March 31, with the Black Basta group later claiming the incident and leaking files.
  • Capita says it has strengthened cybersecurity and will not appeal, while thousands of legal claims continue and 2025 free cash outflow guidance has risen to £59m–£79m from £45m–£65m.