Is financial data compromised in the Capita pensions data breach?  


In March 2023, Capita experienced a ransomware cyber-attack. This breach affected several of Capita’s clients, most notably those it provides pension administration services to. And that’s no small number as Capita currently supports over 450 clients in the UK.  

Anyone who has a pension with one of these companies may have had their data stolen.   

Our investigators believe that the Russian-based ransomware group BlackBasta was likely responsible. The criminals claimed they had the Capita data in a now-deleted online post. Capita has declined to comment on whether it paid the ransom.   

As yet, we do not have a definitive list of all the data that has been compromised in this hack. However, reports have speculated that names, dates of birth, retirement dates, and National insurance numbers are at risk. And now, a letter from trustees of the PwC pension scheme states that ‘Capita could not confirm to us that this information was final, complete and accurate’.  

As a result, victims of the Capita data hack are left not knowing what personal data is in the hands of cybercriminals. Or what they will do with it. This has left pension holders worried that the stolen data could include their bank account details. Certainly, this has not yet been ruled out.  

Who is responsible for the Capita data hack?

While it was Capita that was breached, the schemes that use Capita’s services remain “responsible for the security of” their members’ data. Following the data breach, The Pensions Regulator (TPR) advised trustees of those schemes to “check whether your pension scheme’s data could be affected”, and to contact their members “proactively to warn them about pension scams “.  

Capita has yet to confirm how many of its clients were impacted. However, we do know that the following pension plans may have had member data stolen:  

Are pension holders at risk?

Unfortunately, yes. And to ensure they do not fall victim to further attacks, affected pension holders must be vigilant.  

At KP Law, we have seen victims of similar data breaches become the target of cybercriminals, with instances of phishing, fraud, and identity theft. Our data protection experts strongly advise anyone involved in this breach to be vigilant and take necessary precautions.    

The affected pension plans should be writing to their members to inform them about the breach and provide additional advice on how to stay safe.  

If you receive notification that you are affected by the Capita data breach, register below to receive updates on our investigation and join our no-win, no-fee data breach compensation claim. 

In March 2024, our firm changed its name to KP Law. 

Share this article: