Capita employee data accessed in cyber-hack  


Earlier this year, Capita experienced a ransomware cyber-attack. At the time the breach was reported, Capita admitted that the hack affected several of its clients. Three months later, Capita has now informed some of its employees that their personal data was also accessed by the criminals, believed to be part of Russian-based ransomware group Black Basta.  

The employee data compromised in this hack may include:  

  • Dates of birth 
  • Marital status 
  • Home addresses 
  • Salary 
  • Email addresses 
  • Employment details
  • Employment history.   

The revelation that its own employees have had their personal data compromised sees the Capita data breach go from bad to worse.  

Earlier this week, trustees of the PwC pension scheme wrote to its members to inform then that, in addition to stolen names, dates of birth, retirement dates, and National insurance numbers, ‘Capita could not confirm to us that this information was final, complete and accurate’. This has left victims of the Capita data breach worried that the stolen data could include their bank account details.  

How are Capita employees reacting to the news?

While Capita says that it is taking “extensive steps” to recover and secure the data and check that it has not been sold on the dark web, it cannot guarantee that this won’t happen. This has left Capita employees frustrated and angry. Especially given the delay in being told about their involvement. This hold up has left Capita employees at risk of further attacks as they did not realise their data was in the hands of criminals, and that they needed to be extra vigilant.  

Employees are being offered a year’s free access to a credit-monitoring service, and we strongly recommend that this is accepted. At KP Law, we have seen victims of similar data breaches become the target of cybercriminals, with instances of phishing, fraud, and identity theft. Our data protection experts strongly advise anyone involved in this breach to be vigilant and take necessary precautions.    

Speaking to the Times, one employee said the hack was “played down” during internal meetings. They also claimed Capita executives had said that the incident was “just a small breach”. So, the anger being expressed by those affected seems justified.  

If you receive notification that you are affected by the Capita data breach, register below to join our no-win, no-fee data breach compensation claim. 

An employer cannot fire you or harm your career in any way if you make a claim. Capita would be breaking employment law if it did, and any action could be classed as discrimination. 

In March 2024, our firm changed its name to KP Law. 

Share this article: