USS, the UK’s largest private sector pension plan, has warned that the personal data of around half a million members may have been stolen in a cyber attack on outsourcing group Capita.
The USS uses Capita’s technology to support its administrative processes. Last month, the British outsourcer confirmed that it suffered a decline cyber attack in late March.
The USS said it was notified Thursday that “unfortunately” the details, including names, birthdates and Social Security numbers, of approximately 470,000 members dating back to early 2021 were on Capita’s servers accessed by members. hackers.
“We are very sorry that a third party has had access to some USS member data held by Capita,” said Bill Galvin, USS Group Chief Executive Officer.
USS added while Capita could not confirm whether this data was definitively accessed or copied by hackers, they had recommended the pension group work under the assumption that it had. The retirement plan will write to its affected members as soon as possible and provide support and advice, she said.
The USS statement came nearly seven weeks after a cyber incident was first detected by Capita on March 22. This week Capita said the attack would cost up to £20m, though he declined to comment on whether she paid a ransom.
USS is among hundreds of private and public sector clients using Capita for outsourcing. Capita is one of the largest providers of software and IT services to the UK Government, as well as managing the London Congestion Charge Zone, collecting the BBC’s license fee and overseeing training for the Royal Navy.
It also provides services to doctors in England, assisting general practitioners, dentists, opticians and pharmacists with ordering medical supplies, accessing medical and pension records and processing payments.
Large life insurers such as Aviva, Phoenix, Pension Insurance Corporation and Just Group also use Capita to administer services such as pension payments and communications with savers.
Aviva reiterated on Friday that there was “no evidence” to suggest access to its customers’ data, while the other companies declined to comment. Capita previously told Phoenix that its data had not been compromised, according to someone familiar with the interaction.
Capita declined to say how many of its customers were affected by the hack.
But he said he was working closely with specialist consultants and forensic experts to investigate the incident and had taken “extensive measures” to recover and protect the data.
“In line with our previous announcement, we are now notifying those we have identified as affected,” Capita said in a statement.
The pensions regulator said it was continuing to work closely with the scheme trustees, other regulators and Capita on the incident. “We ask all trustees to work with Capita to understand how their scheme has been impacted,” TPR said.
—————————————————-
Source link