Connect with us

Hi, what are you looking for?



Capita Says Ransomware Attack Will Cost It Up to $25 Million 

UK-based Capita says the recent ransomware attack will cost it up to $25 million, but it has not clarified whether that includes a ransom payment to the cybercriminals.

Capita ransomware

UK-based business process outsourcing and professional services company Capita said on Wednesday that it expects to incur costs ranging between roughly £15 million ($19 million) and £20 million ($25 million) as a result of the recent cybersecurity incident, but it has not clarified whether that includes a ransom payment to the hackers. 

The breach came to light on March 31, when Capita said it was experiencing a major IT incident that had been causing disruptions, but it took until April 3 for the company to confirm that the cause was a cyberattack. 

Capita initially said there was no evidence of customer or other information getting compromised, but confirmed that files were stolen from its systems on April 20, days after a ransomware group named Black Basta started leaking information allegedly stolen from the company. 

The leaked files stored personal and financial information and the hackers were apparently hoping to find a buyer for it.

Capita is one of the largest business outsourcing providers in the UK and its services are used by the government.

In its latest update on the cybersecurity incident, the company said it determined that data was stolen from less than 0.1% of its server estate — it previously said that 4% of its servers were impacted. 

“Capita has taken extensive steps to recover and secure the customer, supplier and colleague data contained within the impacted server estate, and to remediate any issues arising from the incident,” the company stated.

Advertisement. Scroll to continue reading.

It added, “Capita expects to incur exceptional costs of approximately £15m to £20m associated with the cyber incident, comprising specialist professional fees, recovery and remediation costs and investment to reinforce Capita’s cyber security environment. Capita has also taken further steps to ensure the integrity, safety and security of its IT infrastructure to underpin its ongoing client service commitments.”

It’s unclear if the amount also includes a ransom payment made to the cybercriminals, but there is some evidence suggesting that the company has reached an agreement with the attackers.

The company has refused to provide clarifications when contacted by SecurityWeek. Investors were also not given a clear answer during a recent webinar, but the way the response was worded suggested there was a settlement. 

In addition, the hackers completely removed the company’s name from their leak website and they refused to answer any questions when contacted by researcher Kevin Beaumont. 

It’s not uncommon for organizations to pay significant amounts of money in response to ransomware attacks. The San Bernardino County Sheriff’s Department in California admitted recently that it made a $1.1 million payment to resolve a ransomware attack targeting its network. 

Related: Ransomware Group Claims Attack on Constellation Software

Related: Western Digital Confirms Ransomware Group Stole Customer Information

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.


The City of Oakland has disclosed a ransomware attack that impacted several non-emergency systems.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.


The personal and health information of more than 3.3 million individuals was stolen in a ransomware attack at Regal Medical Group.