Government contractor Capita reveals ‘limited’ customer, supplier and colleague details may have been accessed by hackers in recent cyber attack
- Earlier this month Capita said there was no damage of data being accessed
- Today they revealed a ‘limited’ breach which might include customer data
- Capital is the latest firm to fall afoul of hackers after Royal Mail and WH Smith
Outsourcing firm and government contractor Capita said customer, supplier or colleague data may have been stolen by hackers in a recent cyber attack on the firm.
The group – a major contractor for local authorities – said investigations since the hack was discovered on March 31 have shown evidence of a ‘limited’ data breach.
It said this ‘might include customer, supplier or colleague data’.
‘Capita continues to work through its forensic investigations and will inform any customers, suppliers or colleagues that are impacted in a timely manner,’ it said.
It marks the latest in a recent spate of cyber attacks, with high street retailer WH Smith suffering its second hack in less than a year last month and Royal Mail’s international postal service suffering lengthy disruption after hackers targeted the group.
Tech issues: The outsourcing company has admitted that an IT issue had affected some client services and disrupted access to its internal Microsoft Office 365 applications
When announcing the attack earlier this month, Capita said there had been ‘disruption’ to some services provided to clients, by primarily affecting ‘access to internal Microsoft Office 365 applications’.
The firm has now restored staff access to Microsoft Office 365 after the attack, which was announced on April 3.
It claimed that no data had been stolen, saying there was ‘no evidence of customer, supplier or colleague data having been compromised’.
They today admitted that some data had been ‘exfiltrated’, or transferred from the site.
Shares in the firm opened down on Friday, dropping from 35p per share to 33.3p per share from 8am to 8.05am.
Companies that use Capita for call centre services, such as O2, were affected, it is understood.
Local authorities, such as Barnet Council in London, also said the IT issue impacted some customer service lines.
Capita insisted the majority of its client services were unaffected and remained in operation and that it has now ‘restored virtually all client services that were impacted’.
It said: ‘In parallel with the services restoration activity, Capita has continued to work closely and at speed with specialist advisers and forensic experts in investigating the incident to provide assurance around any potential customer, supplier or colleague data exfiltration.’
The group said its investigations so far suggest hackers first breached its systems on or around March 22, which it discovered and interrupted on March 31.
About 4 percent of its server estate was affected, it said.
As well as councils and the National Health Service, Capita holds contracts with government organisations like the National Cyber Security Centre, whose parent arm is GCHQ.
It also provides services on behalf of the Cabinet Office, HM Revenue & Customs, the Ministry of Justice, numerous police forces, and runs the London Congestion Charge Scheme.
Besides public bodies, the firm operates call centres for car manufacturer BMW, bookmaker William Hill, Thames Water, telecoms group O2, and the RSPCA.
Under the leadership of Jon Lewis, who arrived in 2017, Capita has sold off large sections of the company in order to reduce debt, focus on core operations and transform the firm into a hi-tech business.
Among the companies sold by Capita in 2022 included its payment transactions subsidiary Pay360 Limited, two real estate and infrastructure consultancies, and IT services firm Trustmarque.
Source: Read Full Article