M&S and Diageo pension plans affected by Capita cyberattack

Featured Sponsor

Store	Link	Sample Product
UK Artful Impressions	Premiere Etsy Store

Tens of thousands of members of Marks and Spencer and Diageo pension schemes have been notified it is probable that personal data has been stolen by hackers during a cyber attack on Capita, the outsourcer.

Pension funds M&S and Diageo were among hundreds of private sector pension plans using Capita to support their pension administration services. Capita detected a cyber incident in March and confirmed in April that it had been hacked which affected some customers.

The M&S pension scheme on Thursday said Capita’s cybersecurity breach in March may have affected the personal data security of a “large proportion” of members of the scheme, including the “majority” of pensioners who had worked at the retailer .

He added that “if personal data is accessed, it could be used for fraud, identity theft or to send malicious emails.”

“Capita cannot be certain that this data has been accessed, but we believe it is appropriate to act as if this is the case and warn affected members of the potential risks,” the pension scheme said. in a statement, posted on its website.

According to its 2021 accounts, the M&S pension scheme had 106,000 members, of which around 53,000 were pensioners. The administrators of the M&S pension plan declined to comment beyond the website statement.

Meanwhile, Diageo said some of its 32,000 retirees were affected by the crash. He said he was still working with Capita to establish the full impact of the hack.

Some members of the Diageo pension scheme are now being offered free membership, by Capita, to a service that helps detect possible misuse of personal data.

A Diageo spokesperson said: “We have written to those members to assure them that there has been no impact on Diageo’s pension scheme and that their benefits are secure.” The impact on Diageo’s pension plan was first reported by The Scotsman.

Details about the impact of the cyber incident on Capita’s private sector clients emerged nearly two months after the outsourcer first reported a cyber incident. The outsourcer had initially said last month that “no evidence” indicated that customer data had been compromised by the hack.

USS, the UK’s largest private sector pension plan, said on Thursday it would offer free access to an identity protection service after their details were jeopardized by a Capita hack. USS is a Capita customer who announced this last week The details of 470,000 members were at risk.

“We will write to him [members] as soon as possible explaining how to do it [the identity protection service] it will work,” the USS said in a statement.

The USS declined to comment on how the Identity Theft Protection Service would be funded. But the company understood that this would not be paid for by members’ funds.

Aaron Le Marquer, partner and department head at Stewarts, a law firm, said it was highly likely that other affected pension plans or other financial institutions whose customer data is at risk of being compromised by the Capita breach offer similar protection to them. members or customers.

They would likely “seek to recover those costs from Capita, leading to the question of whether Capita is covered for such third-party liabilities under the terms of its cyber insurance,” it warned.

The USS declined to comment on whether it will retain Capita’s services.

Meanwhile, Derby City Council went last local authority to disclose that he was affected by a separate data security incident where files, including benefit payment details, were left exposed on a Unsecured Amazon Data Bucket controlled by Capita. The board said it was reviewing its agreements with Capita.

The Information Commissioner’s Office, the data regulator, has said that if an identity is stolen, the victim risks losing money and may find it difficult to obtain loans, credit cards or a mortgage.

Capita said it was notifying affected customers and was working closely with “specialist consultants and forensic experts to investigate the incident and we have taken thorough steps to recover and protect the data.” She has previously stated that “in cases where we need to provide additional support to those affected, we will.”