If you have a Marks & Spencer or Diageo pension plan, your personal information may have fallen into the hands of hackers.

The problem is that supermarket giant M&S ​​and beverage company Diageo used Capita to manage their pensions, as do hundreds of other private sector retirement plans.

According to Capita, the hackers initially compromised the system It was discovered around March 22nd, 2023 and was not discovered until the end of the month. During that time, the company said, the attackers stole data from “a small portion of the affected server assets, which may include customer, supplier and colleague data.”

Bad news for Capita.

Bad news for companies like M&S and Diageo, who trusted Capita to manage their data.

And of course, bad news for the more than 100,000 pensioners whose details may have been stolen by hackers.

Sign up for our free newsletter.
Security news, advice and tips.

If you think this is bad, that’s just the tip of the iceberg…

UK pension watchdog after Capita released news of security breach It asked hundreds of pension funds to investigate whether customer data may have been compromised in the attack.

Shortly thereafter, the United Kingdom’s largest private sector pension scheme, the USS (Universities Superannuation Scheme), was established. warned About 470,000 of its members may have had access to their details during the Capita hack.

The details that may have been accessed included names, dates of birth, national insurance numbers, and USS membership numbers, according to USS.

USS said Capita could not at this time confirm whether the data was reliably accessed by hackers, but it would be prudent to assume so.

Capita is widely used by the UK Government, the NHS and many UK organizations, but has found itself in a very uncomfortable position having to deal with severe customer complaints.

For example, earlier this month, Colchester City Council publicly expressed its view that: “extreme disappointment” We worked with Capita because they wanted to fully understand how their data breach occurred and what further steps were needed.

Colchester City Council said it was “considering what further action would be appropriate with respect to Capita”.

Other councils reportedly Capita’s hack exposed data for Adour and Worthing, Coventry City Council, Derby City Council, Rochford District Council, South Staffordshire, and more.

Capita declined to say whether it was willing to pay the hackers a ransom, hoping to prevent the data from being released more widely.

Did you enjoy this article? Follow Graham Cluley on Twitter again Mastodon To read more of the exclusive content we post,

Graham Cluley is an antivirus industry veteran who has worked for many security companies since the early 1990s when he created the first version of Dr. Solomon’s Antivirus Toolkit for Windows. He is now an independent security he makes regular media appearances as an analyst and an international speaker on the subject of computer he security, hackers and online he privacy. follow him on twitter @gcluleyin Mastodon @[email protected]or send him an email.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog