Outsourcing giant Capita has admitted data including customer information was accessed during a cyberattack last month.
The company has been investigating the incident, which affected its access to Microsoft’s Office 365 productivity suite. It says it has solved the problem and restored access to systems, but that information may have been accessed by criminals. It had previously denied that data was stolen during the incident.
No criminal gang has yet claimed responsibility for the breach, which caused widespread disruption for Capita’s clients in the public sector. It is one of the UK government’s largest suppliers, holding contracts worth £6.5bn for IT and other services. Clients include the BBC, for which it collects the licence fee, while it also provides customer service phone lines to several local authorities.
How the Capita cyberattack happened
Capita said this morning that it had been dealing with the consequences of what it describes as a “cyber incident”. A statement from the company said: “Capita and its technical partners have restored Capita colleagues’ access to Microsoft Office 365. The majority of Capita’s client services were not impacted by the incident and remained in operation, and Capita has now restored virtually all client services that were impacted.
“In parallel with the services restoration activity, Capita has continued to work closely and at speed with specialist advisers and forensic experts in investigating the incident to provide assurance around any potential customer, supplier or colleague data exfiltration.”
The company says its investigation has shown that the hackers gained access on 22 March, and remained in its systems until the incident was discovered on 31 March. “As a result of the interruption, the incident was significantly restricted, potentially affecting around 4% of Capita’s server estate,” the statement said. “There is currently some evidence of limited data exfiltration from the small proportion of affected server estate which might include customer, supplier or colleague data.”
Capita added that it “continues to work through its forensic investigations and will inform any customers, suppliers or colleagues that are impacted in a timely manner,” and is liaising with relevant data authorities.
Widespread consequences of Capita cyberattack
As reported by Tech Monitor, the incident left Capita staff unable to access any digital systems when they came into work on 31 March.
The National Cyber Security Centre, the Cabinet Office and other government agencies were then alerted to the incident, because Capita plays a leading role in sensitive areas of government work as a supplier of services to Royal Navy training centres. It also works on security at Ministry of Defence bases. Staff working at impacted sites, including some relating to critical national infrastructure, resorted to using radios, pens and paper as a result of the attack, a source who spoke to The Guardian claimed at the time.
Local government services were also affected. Councils using Capita services, including Barnet, Barking and Dagenham, Lambeth and South Oxfordshire, all highlighted issues caused by the incident in the days following the breach. Barking and Dagenham Council said that owing to a “technical fault with our out-of-hours service systems, callers may experience slight delays in us being able to respond to their calls throughout the weekend.”