News

Capita reveals evidence of data breach in cyber attack

The outsourcer has restored staff access to Microsoft Office 365 after the attack and ‘virtually all’ the impacted client services.
The outsourcer has restored staff access to Microsoft Office 365 after the attack and ‘virtually all’ the impacted client services.

Outsourcing firm and government contractor Capita said customer, supplier or colleague data may have been accessed by hackers in a recent cyber attack on the firm.

The group – a major contractor for local authorities – said investigations since the hack was discovered on March 31 have shown evidence of a “limited” data breach.

It said this “might include customer, supplier or colleague data”.

“Capita continues to work through its forensic investigations and will inform any customers, suppliers or colleagues that are impacted in a timely manner,” it said.

Capita said it has restored staff access to Microsoft Office 365 after the attack, which was announced on April 3.

It marks the latest in a recent spate of cyber attacks, with high street retailer WH Smith suffering its second hack in less than a year last month and Royal Mail’s international postal service suffering lengthy disruption after hackers targeted the group.

When announcing the attack earlier this month, Capita said there had been “disruption” to some services provided to clients, by primarily affecting “access to internal Microsoft Office 365 applications”.

Companies that use Capita for call centre services, such as O2, were affected, it is understood.

Local authorities, such as Barnet Council in London, also said the IT issue impacted some customer service lines.

Capita insisted the majority of its client services were unaffected and remained in operation and that it has now “restored virtually all client services that were impacted”.

It said: “In parallel with the services restoration activity, Capita has continued to work closely and at speed with specialist advisers and forensic experts in investigating the incident to provide assurance around any potential customer, supplier or colleague data exfiltration.”

The group said its investigations so far suggest hackers first breached its systems on or around March 22, which it discovered and interrupted on March 31.

About 4% of its server estate was affected, it said.