View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Capita cyberattack set to cost outsourcing giant up to £20m

The company, a major supplier to the UK government, is expecting a big bill following March's breach.

By Matthew Gooding

Capita expects to incur costs of up to £20m following a cyberattack in March. The hack saw the company’s clients across the UK left without access to systems, and it is likely customer data was stolen in the breach.

Capita expects to incur heavy costs following a cyberattack. (Photo by Postmodern Studio/Shutterstock)

Details of the incident remain scarce, but Capita said in a trading update to the London Stock Exchange this morning that it is expecting a bill after what it refers to as a “cyber incident.”

The global outsourcing company is one of the UK government’s largest suppliers and holds contracts valued at £6.5bn for IT and other services. Its clients include the BBC, for which it collects the licence fee, as well as many UK local authorities.

Capita cyberattack: outsourcer counts the cost 

Today’s update says that Capita “has continued to work closely and at speed with specialist advisers and forensic experts to investigate and resolve the cyber incident”.

The company said that “the unauthorised intrusion was interrupted by Capita which resulted in the impact of the attack being significantly restricted. Capita understands now, based on its own forensic work and that of its third-party providers, that some data was exfiltrated from less than 0.1% of its server estate. Capita has taken extensive steps to recover and secure the customer, supplier and colleague data contained within the impacted server estate, and to remediate any issues arising from the incident.”

Capita had initially said no customer data was accessed in the incident, but issued an update a week later saying that some information may have been stolen. As reported by Tech Monitor, the company wrote to its numerous pension fund clients to inform them that their data may have been at risk.

The statement adds that Capita is “working closely with all appropriate regulatory authorities and with customers, suppliers and colleagues to notify those affected and take any remaining necessary steps to address the incident.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

It said: “Capita expects to incur exceptional costs of approximately £15m to £20m associated with the cyber incident, comprising specialist professional fees, recovery and remediation costs and investment to reinforce Capita’s cybersecurity environment. Capita has also taken further steps to ensure the integrity, safety and security of its IT infrastructure to underpin its ongoing client service commitments.”

Services disrupted by Capita breach

No criminal gang has yet to claim responsibility for the breach. It does not seem to have negatively impacted Capita’s bottom line, with the company revealing in the trading update that its underlying financial performance remains in line with expectations.

The incident was certainly problematic for various government departments. The National Cyber Security Centre, the Cabinet Office and other agencies were alerted because of Capita’s role in sensitive areas of government work, including its position as a supplier of services to Royal Navy training centres. The company works on security at Ministry of Defence bases, and it was reported that staff working at impacted sites, including some relating to critical national infrastructure, had to use radios, pens and paper as a result of the breach.

Local government services were also affected, with local authorities using Capita services, including Barnet, Barking and Dagenham, Lambeth and South Oxfordshire, flagging up issues caused by the incident in the days following the hack.

Read more: UK’s largest conveyancing firm lost £7.3m to a cyberattack

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.