
If you have a Marks & Spencer or Diageo pension plan, your personal information may have fallen into the hands of hackers.
The problem is that supermarket giant M&S and beverage company Diageo used Capita to manage their pensions, as do hundreds of other private sector retirement plans.
According to Capita, the hackers first entered the system around March 22, 2023 and weren’t discovered until the end of the month. During that time, the company said, the attackers stole data from “a small portion of the affected server assets, which may include customer, supplier and colleague data.”
Bad news for Capita.
Bad news for companies like M&S and Diageo, who trusted Capita to manage their data.
And of course, bad news for the more than 100,000 pensioners whose details may have been stolen by hackers.
If you think this is bad, that’s just the tip of the iceberg…
After Capita published the news of the security breach, the UK pension watchdog urged hundreds of pension funds to investigate whether customer data may have been compromised in the attack.
Shortly thereafter, the UK’s largest private pension scheme, the USS (Universities Superannuation Scheme), warned that the personal information of some 470,000 members may have been accessed during the Capita hack.
The details that may have been accessed included names, dates of birth, national insurance numbers, and USS membership numbers, according to USS.
USS said Capita could not at this time confirm whether the data was definitely accessed by hackers, but that it would be prudent to assume so.
Capita is widely used by the UK Government, the NHS and many UK organizations, and it now finds itself in the very uncomfortable position of having to deal with severe customer complaints.
Earlier this month, for example, Colchester City Council publicly expressed its “extreme disappointment” with Capita as it tried to fully understand how the data breach occurred and what further steps were needed.
Colchester City Council said it was “considering what further action would be appropriate with respect to Capita”.
Other councils whose data has reportedly been compromised by the Capita hack include Adur and Worthing, Coventry City Council, Derby City Council, Rochford District Council and South Staffordshire.
Capita declined to say whether it was willing to pay the hackers a ransom in the hope of preventing the data from being released more widely.