The UK’s Information Commissioner’s Office (ICO) has fined Capita £14 million ($18.7 million) for a 2023 data breach that exposed the personal information of around 6.6 million people.

The incident affected hundreds of organizations, including 325 pension scheme providers across the country.

Capita, a major outsourcing and professional services company working with the NHS, Ministry of Defence, and local councils, suffered the breach after an employee downloaded a malicious file in March 2023. The attack, claimed by the Black Basta ransomware gang, allowed hackers to access Capita’s internal network for 58 hours before systems were isolated.

The ICO found that Capita had poor access controls, delayed incident response, and an understaffed security operations center, which contributed to the scale of the breach. Nearly one terabyte of data was stolen before ransomware was deployed.

Originally set at £45 million, the fine was reduced after Capita accepted responsibility and took steps to improve its cybersecurity. The ICO fined Capita plc £8 million and Capita Pension Solutions Limited £6 million. CEO Adolfo Hernandez said the company has strengthened its security systems and that the fine will not impact its financial outlook.

