View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Capita expects increased £25m costs from cyberattack as it posts hefty loss

Though it maintains the impact of the breach was minimal for most customers, the outsourcer's costs are set to be higher than expected.

By Matthew Gooding

Capita says it now expects costs relating to a cyberattack that hit the company earlier this year to run to £20–25m but insists the impact of the breach on the majority of its customers was “minimal”. The outsourcing giant could be hit with a fine following the breach and faces several lawsuits from disgruntled clients, including a group of 50 doctors.

Capita says costs from a cyberattack in March could run to £25m. (Photo by T. Schneider/Shutterstock)

Previously Capita had said it expected to incur additional costs of £15–20m relating to the attack by the Russian ransomware gang Black Basta. But in its interim financial results, published today, it revised that figure to £20–25m.

Capita cyberattack costs increasing

As reported by Tech Monitor, the attack in March left Capita staff unable to access their systems and had a knock-on effect on the company’s many clients across the public and private sectors. Capita manages public sector contracts worth £6.5bn in the UK.

Following the breach, several local authorities reported they were unable to provide services to citizens. Capita launched an investigation, and having initially said no data had been stolen, it later admitted information from a small proportion of its servers had been taken by the hackers.

In its results for the six months to the end of June, published today, Capita said: “Based on the forensic work performed, we have confirmed that some data was exfiltrated – but from less than 0.1% of the group’s server estate. That data has been recovered and extensive steps have been taken to secure the data.

“We now expect net exceptional costs associated with the cyber incident of £20m to £25m reflecting the complexity of the forensic analysis of exfiltrated data. These costs comprise specialist professional fees, recovery and remediation costs, and investment to reinforce Capita’s cybersecurity environment, offset by anticipated insurance receipts.”

Overall, the company’s revenue for the first half of the year was down 3%, to £1.47bn, and it posted a loss of £67.9m, which its board said relates in part to the cyber incident, as well as other business issues. Though the results were broadly in line with market expectations, Capita’s share price dropped when the news was announced this morning.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Doctors take action after Capita cyberattack

Though Capita insists the impact of the breach was minimal, data watchdog the Information Commissioner’s Office had previously said it is investigating more than 90 complaints from businesses and individuals that fear their data has been exposed, and could issue the company with a fine.

It may also face several class action lawsuits, and this week it was reported that almost 50 doctors had signed up for a case being brought by Manchester law firm Barings Law.

Capita operates a variety of back-office functions for doctors surgeries, and in June it was reported that NHS England had suffered a data breach relating to the cyberattack on the business.

Speaking to the medical journal Pulse, Adnan Malik, head of data breach at Barings Law, said the company has been “inundated” with calls from people affected by the Capita breach, including multiple GPs.

Malik said: “There is a sense of anger compounded with frustration from our clients whose details have potentially been breached,” and added: “They are extremely concerned with the potential ramifications as the hackers may be in possession of a treasure trove of information and some of our clients fear that everything including their personal medical history could be at risk.”

Read more: Capita pens AI deal with Microsoft

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.