Around 90 organisations have reported Capita-related data breaches to the ICO


Last week, the Information Commissioner’s Office (ICO), which is the UK’s data protection regulator, published a statement about two significant data breaches at Capita.  

The first breach followed a ransomware cyber-attack in March 2023, when criminals exfiltrated some data from Capita’s servers. We believe that over half a million UK pension holders could be affected by this data security incident. The second Capita data breach relates to benefit data that was left on an unsecured Amazon storage platform for years. 

In its statement, the ICO said that it was receiving “a large number of reports” about the data protection breaches. And today (30 March 2023), more information has come to light, as the ICO confirms that the number of organisations with reported breaches is now around 90.  

We don’t yet know the full list of affected organisations, or which organisations have been affected by which breach. But it’s clear that far more people could be affected by the Capita data breaches than first thought. Capita administers pension funds for several large firms, including Royal Mail and Axa, so millions of policyholders could be at risk. 

Who is affected by the Capita data breaches?

We do know that the following pension plans and local authorities may have had data compromised in the Capita data breaches.  

The Universities Superannuation Scheme (USS)

The USS is the biggest private sector pension plan in the UK. Around 470,000 members may have had their detail stolen in the Capita cyber-attack.  

Diageo pension scheme

The drinks maker has said that around 32,000 pension members have been affected by the incident.   

Unilever pension scheme

Capita has confirmed that some Unilever member data may have been accessed by the unauthorised third party. 

Marks and Spencer pension scheme

In 2021 the scheme had 106,000 members with about 53,000 of those pensioners.   

Rothesay pension scheme

Around 50,000 individuals are thought to be affected. 

Various local authorities, including:
      • Colchester Council 
      • Coventry City Council 
      • Adur and Worthing Councils 
      • Rochford District Council 
      • Derby City Council 
      • South Staffordshire Council. 

Are you affected by a Capita data breach?

Personal data, including names, dates of birth and National Insurance numbers may have been accessed by hackers. Other valuable information may also have been compromised and we understand financial/bank details were also affected.   

Affected pension schemes and local authorities should be in touch to notify individuals involved in the Capita data breaches.  

If you receive notification that you are affected by a Capita data breach, register below to receive updates on our investigation. We’ll let you know what’s happening, and if you can make a no-win, no-fee data breach compensation claim. 

You should also take steps to protect yourself following the breach. Find out how to do this here.  

In March 2024, our firm changed its name to KP Law. 

Share this article: