If you have a Marks & Spencer or Diageo pension plan, your personal information may have fallen into the hands of hackers.
The problem is that supermarket giant M&S and beverage company Diageo used Capita to manage their pensions, as do hundreds of other private sector retirement plans.
According to Capita, the hackers initially compromised the system It was discovered around March 22nd, 2023 and was not discovered until the end of the month. During that time, the company said, the attackers stole data from “a small portion of the affected server assets, which may include customer, supplier and colleague data.”
Bad news for Capita.
Bad news for companies like M&S and Diageo, who trusted Capita to manage their data.
And of course, bad news for the more than 100,000 pensioners whose details may have been stolen by hackers.
If you think this is bad, that’s just the tip of the iceberg…
UK pension watchdog after Capita released news of security breach It asked hundreds of pension funds to investigate whether customer data may have been compromised in the attack.
Shortly thereafter, the United Kingdom’s largest private sector pension scheme, the USS (Universities Superannuation Scheme), was established. warned About 470,000 of its members may have had access to their details during the Capita hack.
The details that may have been accessed included names, dates of birth, national insurance numbers, and USS membership numbers, according to USS.
USS said Capita could not at this time confirm whether the data was reliably accessed by hackers, but it would be prudent to assume so.
Capita is widely used by the UK Government, the NHS and many UK organizations, but has found itself in a very uncomfortable position having to deal with severe customer complaints.
For example, earlier this month, Colchester City Council publicly expressed its view that: “extreme disappointment” We worked with Capita because they wanted to fully understand how their data breach occurred and what further steps were needed.
Colchester City Council said it was “considering what further action would be appropriate with respect to Capita”.
Other councils reportedly Capita’s hack exposed data for Adour and Worthing, Coventry City Council, Derby City Council, Rochford District Council, South Staffordshire, and more.
Capita declined to say whether it was willing to pay the hackers a ransom, hoping to prevent the data from being released more widely.
Did you enjoy this article? Follow Graham Cluley on Twitter again Mastodon To read more of the exclusive content we post,
