One of the UK’s largest pension plan providers has warned nearly half a million members that they should assume their data has been compromised in a recent breach at outsourcing firm Capita.
Established in 1974, the University Retirement System (USS) manages £82 billion for its 500,000 members working in the higher education sector.
Read more about the Capita attack: Outsourcer Capita claims it contained a ‘cyber incident’.
In an update on Friday, USS said it is using Capita’s Hartlink platform to support its internal pension management process and has been in close contact with its IT services firm since a “cyber incident” in late March. clarified.
“While it has been confirmed that USS member data held on Heartlink has not been compromised, unfortunately, it was revealed on May 11 that USS member details were held on Capita servers accessed by hackers. “Information that may be accessed includes titles, initials, and names. Their dates of birth. National insurance numbers. Their USS membership numbers,” the update continued.
“The details are from early 2021 and cover approximately 470,000 active, postponed and retired members. /or copied), but I recommend working on the assumption that it is. “
USS said it is still waiting to hear from Capita about the specific data sets that were compromised. After receiving and verifying these details, we will contact all affected members and, where applicable, their employers, to “make them aware of and apologize for any distress or inconvenience caused and offer them continued support and advice.” ”.
The news came from Capita in an update last week, which said the breach would cost between £15m and £20m in “expert costs, recovery and remediation costs, and investment in strengthening Capita’s cybersecurity environment”. announced after it was announced.
Capita also said it has taken further steps to ensure “the integrity, safety and security of its IT infrastructure.”
The outsourcer originally claimed about 4% of its server assets were compromised in the attack, but now says less than 0.1% was affected.
The report suggests ransomware group BlackBasta was behind the attack, and even if the outsourcing giant pays the ransom, the stolen data will likely end up in the cybercrime underground. means
Editorial image credit: T. Schneider / Shutterstock.com
