Outsourcing giant hit with £14m fine over 2023 cyber attack, but costs could rise as legal actions continue
Outsourcing giant hit with £14m fine over 2023 cyber attack, but costs could rise as legal actions continue
Capita has been fined £14m for its failure to secure personal data, which led to millions of people’s information being stolen after a Black Basta ransomware cyber attack in March 2023.
The Information Commissioner’s Office (ICO), which imposed the fine, said six million people had been affected by the data breach, with the information stolen including pension and staff records and details of Capita’s customers.
The cost of the breach to Capita could rise because thousands of affected individuals are involved in legal action against the outsourcing services provider.
The cyber attack was subsequently claimed by the Black Basta ransomware crew, which listed Capita on its dark web leak site and published documents that appeared to have been stolen from its systems, including client information.
The incident caused major IT outages and had a significant impact on customer-facing services at many public sector bodies and some operators of critical national infrastructure across the UK, with staff left unable to take calls from members of the public and others falling back on traditional pen and paper.
