Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Capita Cyberattack Hits UK Pension Funds

The recent ransomware attack on Capita may impact millions of customers of hundreds of pension funds in the UK.

The recent hacker attack aimed at UK-based business process outsourcing and professional services company Capita could impact hundreds of pension funds and millions of their members.

The largest private pension scheme in the UK, the Universities Superannuation Scheme (USS), revealed on Friday that it had learned from Capita that information on USS members was stored on servers accessed by cybercriminals. 

The information, dating from 2021, include the title, initial, name, date of birth, National Insurance number, and USS member number of roughly 470,000 members. 

“While Capita cannot currently confirm if this data was definitively ‘exfiltrated’ (i.e., accessed and/or copied) by the hackers, they recommend we work on the assumption it was,” USS said

British newspaper The Telegraph has learned from sources that as many as 350 pension funds and millions of their members could be impacted by the Capita breach. 

The IT company said last week that it expects to incur costs ranging between £15 million ($19 million) and £20 million ($25 million) as a result of the incident, but it has not clarified whether the amount includes a ransom payment to the hackers. 

The Black Basta ransomware group, which has taken credit for the attack on Capita, has removed all mentions of the company from its leak website — after initially threatening to sell stolen personal and financial data — which suggests that the cybercriminals have been or are expecting to get paid. 

Advertisement. Scroll to continue reading.

Capita has confirmed the theft of customer and other data from its systems. In its latest update on the cybersecurity incident, the company said data was stolen from less than 0.1% of its servers. However, experts believe that can still be a significant amount of data

Capita is one of the largest business outsourcing providers in the UK and its services are used by many government organizations. Some of these customers have started informing the public about the incident and the actions they are taking in response. 

Related: Ransomware Attack Hits Health Insurer Point32Health

Related: Payments Giant NCR Hit by Ransomware

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.


The City of Oakland has disclosed a ransomware attack that impacted several non-emergency systems.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.


The personal and health information of more than 3.3 million individuals was stolen in a ransomware attack at Regal Medical Group.