Thousands of pension holders to sue Capita over ‘Russia-linked’ hack

[ad_1]

Adnan Malik, the firm’s head of data breach, said: “Our High Court action speaks volumes, echoing the concerns of thousands of distressed individuals.”

Other law firms have said they are planning further group actions against Capita over the cyber attack.

On March 31 last year, Capita suffered a “cyber incident” that disrupted its operations. It later warned many of its pension scheme customers, which used Capita’s administration services, they may have been impacted by the attack.

Last summer, Capita said the fallout of the cyber attack could cost it up to £25m. Capita’s shares have fallen almost 50pc since it first disclosed the attack in April last year, giving the group a value of around £340m.

Cyber security experts blamed the breach on Black Basta, a Russian ransomware hacking group that has unleashed a wave of attacks against Western companies.

The gang has successfully extorted $100m (£78m) from victims since it emerged in 2022, according to cryptocurrency analytics company Elliptic.

Black Basta has attacked more than 329 organisations, the researchers said, typically using computer malware that infects victims’ computers through emails.

In a report in November, Elliptic said: “The group employs double-extortion tactics whereby they extort the victim by threatening to publish stolen data unless the victim pays a ransom.”

Capita has not commented on whether or not it paid a ransom to the attackers.

While the hack impacted its pensions arm, IT outsourcer Capita also holds billions of pounds in public sector contracts, including deals to collect licence fee payments for the BBC and providing training to the Royal Navy.

At the time of the attack, Capita said around 0.1pc of its server estate had been impacted by the breach and it had blocked access to its Office 365 applications. The company said the attack had been “significantly restricted” after it was discovered and that there was only evidence of “limited data exfiltration”.

Capita said in August the exposed data was later “recovered” and made secure.

A Capita spokesman said: “There is no evidence of any information in circulation, on the dark web or otherwise, resulting from the cyber incident, and no evidence linking Capita data to fraudulent activity.

“Whilst we don’t comment on specific ongoing legal matters, we strongly reject any suggestion that there is any valid basis for bringing a claim against Capita. We hold and process data in compliance with all applicable laws and regulations.”

Capita previously said it had invested in a multi-million pound programme to upgrade its cyber security systems, which it had accelerated in the wake of the hack last March.

[ad_2]

Source link