Capita says it now expects costs relating to a cyberattack that hit the company earlier this year to run to £20–25m but insists the impact of the breach on the majority of its customers was “minimal”. The outsourcing giant could be hit with a fine following the breach and faces several lawsuits from disgruntled clients, including a group of 50 doctors.
Previously Capita had said it expected to incur additional costs of £15–20m relating to the attack by the Russian ransomware gang Black Basta. But in its interim financial results, published today, it revised that figure to £20–25m.
Capita cyberattack costs increasing
As reported by Tech Monitor, the attack in March left Capita staff unable to access their systems and had a knock-on effect on the company’s many clients across the public and private sectors. Capita manages public sector contracts worth £6.5bn in the UK.
Following the breach, several local authorities reported they were unable to provide services to citizens. Capita launched an investigation, and having initially said no data had been stolen, it later admitted information from a small proportion of its servers had been taken by the hackers.
In its results for the six months to the end of June, published today, Capita said: “Based on the forensic work performed, we have confirmed that some data was exfiltrated – but from less than 0.1% of the group’s server estate. That data has been recovered and extensive steps have been taken to secure the data.
“We now expect net exceptional costs associated with the cyber incident of £20m to £25m reflecting the complexity of the forensic analysis of exfiltrated data. These costs comprise specialist professional fees, recovery and remediation costs, and investment to reinforce Capita’s cybersecurity environment, offset by anticipated insurance receipts.”
Overall, the company’s revenue for the first half of the year was down 3%, to £1.47bn, and it posted a loss of £67.9m, which its board said relates in part to the cyber incident, as well as other business issues. Though the results were broadly in line with market expectations, Capita’s share price dropped when the news was announced this morning.
Doctors take action after Capita cyberattack
Though Capita insists the impact of the breach was minimal, data watchdog the Information Commissioner’s Office had previously said it is investigating more than 90 complaints from businesses and individuals that fear their data has been exposed, and could issue the company with a fine.
It may also face several class action lawsuits, and this week it was reported that almost 50 doctors had signed up for a case being brought by Manchester law firm Barings Law.
Capita operates a variety of back-office functions for doctors surgeries, and in June it was reported that NHS England had suffered a data breach relating to the cyberattack on the business.
Speaking to the medical journal Pulse, Adnan Malik, head of data breach at Barings Law, said the company has been “inundated” with calls from people affected by the Capita breach, including multiple GPs.
Malik said: “There is a sense of anger compounded with frustration from our clients whose details have potentially been breached,” and added: “They are extremely concerned with the potential ramifications as the hackers may be in possession of a treasure trove of information and some of our clients fear that everything including their personal medical history could be at risk.”