Regulators have urged UK pensions schemes to analyze whether or not they have suffered knowledge breaches following a cyber assault on outsourcer Capita.
The Pensions Regulator on Sunday stated it had written to the lots of of pension funds that make use of Capita to manage their fee methods, urging them to “decide whether or not there’s a threat to their scheme’s knowledge”.
London-listed Capita disclosed earlier this month that hackers might need accessed buyer knowledge following a cyber assault on its servers in March.
The Pensions Regulator wrote to greater than 300 pension funds, which embrace a mixture of private-sector outlined profit and outlined contribution schemes, in keeping with an individual acquainted with the matter.
Within the letter, which was first reported by the Sunday Occasions, the regulator requested trustees to contact Capita to seek out out whether or not their knowledge might have been caught up within the breach, and reminded schemes of the accountability to reveal any knowledge losses to people and regulators.
“We take IT safety and the danger of cyber assaults extraordinarily critically,” the regulator stated in a press release.
The USS, the UK’s largest personal sector pension plan, contracts Capita to manage its pensions software program for greater than 465,000 members. It was one of many schemes contacted by TPR, in keeping with an individual acquainted with the state of affairs.
“We’re at the moment not conscious of any affect on USS knowledge,” stated a USS spokesperson, including that the scheme was liaising intently with Capita.
Capita is a serious outsourcer to each the personal and public sectors and is likely one of the UK authorities’s largest contractors.
The corporate gives IT companies amongst its companies, which additionally embrace operating the London congestion charging zone, gathering the BBC licence payment and overseeing coaching for the Royal Navy.
Capita in late March first disclosed an “IT problem” that left employees unable to entry some methods and disrupted companies supplied to native authority purchasers.
The outsourcer confirmed on April 20 that there had been a knowledge breach and that hackers might have accessed buyer and inside knowledge. It stated the incident affected about 4 per cent of its servers, and that it had discovered “some proof of restricted knowledge exfiltration”.
It added that hackers accessed its servers on or round March 22, and it had managed to interrupt the operation on March 31 and had “considerably restricted” the incident.
The corporate has refused to verify or deny whether or not the information breach fashioned a part of a ransomware assault.
“Since March thirty first we’ve got been in common contact with trustees and regulators, and we are going to preserve them up to date as our investigation into the cyber incident progresses,” Capita stated in a press release on Sunday.
Ransomware assaults and different knowledge breaches are a rising drawback for world companies, and have just lately been reported at a provider to the world’s largest semiconductor tools producers, Japan’s Fujitsu and the UK’s Royal Mail.
A September report from consultancy PwC discovered that solely 14 per cent of world firms surveyed had not suffered a knowledge breach up to now three years.