Outsourcing giant Capita has been fined £14m by the Information Commissioner’s Office (ICO) for failing to protect the personal data of 6.6 million people after hackers stole their information in a cyber attack in 2023.
The data watchdog confirmed that the March 2023 breach exposed a wide range of personal information, including pension details, staff records and customer data from organizations supported by Capita.
Crucially, this also includes highly sensitive categories such as criminal records, financial details and ‘special category data’ covering race, religion and sexual orientation.
The ICO split the fine, imposing £8 million against Capita and £6 million against Capita Pension Solutions. Later, 325 affiliated organizations, processing data for more than 600 pension plans, were also affected by the breach.
John Edwards, the UK Information Commissioner, said: “Capita failed in its duty to protect the data entrusted to it by millions of people.

“The scale and impact of this breach could have been prevented if adequate security measures had been taken.”
The ICO said Capita failed to ensure the security of the processing of personal data, leaving it at “significant risk”, adding that the company also lacked “appropriate technical and organizational measures to respond effectively to the attack”.
The ICO had initially proposed a combined fine of £45m, but said this was reduced as part of the voluntary settlement and as it took into account the actions taken by Capita following the hack to improve its systems, provide support to those affected and engage with cyber authorities and regulators.
Capita said: “We regret this incident and can reaffirm that following a detailed forensic investigation, all those potentially affected were contacted following the attack.”
Capita chief executive Adolfo Hernandez, who took up the post in 2024, said the company was “the first in a recent wave of highly significant cyber attacks on large UK companies”.
He added: “When I joined as CEO a year after the attack, I accelerated our cybersecurity transformation with new digital and technology leadership and significant investment.
“As a result, we have greatly strengthened our cybersecurity posture, building advanced defenses and embedding a culture of constant vigilance.”
Capita has already taken a huge financial hit from the cyber attack. In the summer of 2023 it was estimated that this could cost up to £25 million, as it would have to pay for specialist professional fees, recovery and remediation costs and investment in its cyber security.
This was before taking into account any potential fines.
The ICO said the attack began when a malicious file was inadvertently downloaded to an employee’s device on March 22, 2023.
“Despite issuing a high-priority security alert within 10 minutes of the breach and taking some immediate automated action, Capita did not isolate the device for 58 hours, during which the attacker was able to exploit its systems,” the ICO said.
The target response time according to the ICO is one hour.
The hacker was able to remain in the system, gain administrator permission, and access other areas of the network, before deploying ransomware on Capita’s systems on March 31, resetting all user passwords and preventing Capita employees from accessing their systems and network.
It came amid a spate of cyber incidents in 2023, with high street retailer WH Smith suffering its second hack in less than a year in March of the same year and Royal Mail’s international postal service facing prolonged disruption after hackers targeted the group.
This year has been another year of high-profile cyber attacks, with Jaguar Land Rover still recovering from a damaging hack just months after Marks & Spencer was badly hit.