View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
April 20, 2023updated 28 Apr 2023 9:17am

Capita cyberattack saw customer data stolen

The outsourcing giant had previously said no customer information was accessed during the incident.

By Matthew Gooding

Outsourcing giant Capita has admitted data including customer information was accessed during a cyberattack last month.

Capita has revealed more details of a cyberattack last month. (Photo by T. Schneider/Shutterstock)

The company has been investigating the incident which affected the company’s access to Microsoft’s Office 365 productivity suite. It says it has solved the problem and restored access to systems, but that information may have been accessed by criminals. It had previously denied that data was stolen during the incident

No criminal gang has yet claimed responsibility for the breach, which caused widespread disruption for Capita’s clients in the public sector. It is one of the UK government’s largest suppliers, holding contracts worth £6.5bn for IT and other services. Clients include the BBC, for which it collects the licence fee, while it also provides customer service phone lines to several local authorities. 

How the Capita cyberattack happened

Capita said this morning that it had been dealing with the consequences of what it describes as a “cyber incident”. A statement from the company said: “Capita and its technical partners have restored Capita colleagues’ access to Microsoft Office 365. The majority of Capita’s client services were not impacted by the incident and remained in operation, and Capita has now restored virtually all client services that were impacted.

“In parallel with the services restoration activity, Capita has continued to work closely and at speed with specialist advisers and forensic experts in investigating the incident to provide assurance around any potential customer, supplier or colleague data exfiltration.”

The company says its investigation has shown that the hackers gained access on 22 March, and remained in its systems until the incident was discovered on 31 March.  “As a result of the interruption, the incident was significantly restricted, potentially affecting around 4% of Capita’s server estate,” the statement said. “There is currently some evidence of limited data exfiltration from the small proportion of affected server estate which might include customer, supplier or colleague data.”

Capita added that it “continues to work through its forensic investigations and will inform any customers, suppliers or colleagues that are impacted in a timely manner,” and is liaising with relevant data authorities.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Widespread consequence of Capita cyberattack

As reported by Tech Monitor, the incident left Capita staff unable to access any digital systems when they came into work on 31 March.

The National Cyber Security Centre, the Cabinet Office and other government agencies were then alerted to the incident, as Capita plays a leading role in sensitive areas of government work, as a supplier of services to Royal Navy training centres. It also works on security at Ministry of Defence bases. Staff working at impacted sites, including some relating to critical national infrastructure, resorted to using radios, pens and paper as a result of the attack, a source who spoke to The Guardian claimed at the time.

Local government services were also affected. Councils using Capita services, including Barnet, Barking and Dagenham, Lambeth and South Oxfordshire, all highlighted issues caused by the incident in the days following the breach. Barking and Dagenham Council said that owing to a “technical fault with our out-of-hours service systems, callers may experience slight delays in us being able to respond to their calls throughout the weekend.” 

Read more: Vanuatu is showing small nations how to resist big cyberattacks

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.