Which pension firms are involved in the Capita data breach? 


In March 2023, Capita, one of the UK’s leading business process outsourcing and professional services companies, suffered a significant data breach. This cyber-attack has potentially affected millions of UK pension holders, with personal data such as names, dates of birth, National Insurance numbers, and financial details being accessed by hackers.  

How did the Capita data breach happen?

In March 2023, criminals exfiltrated data from Capita’s servers, exposing the private data of potentially half a million pension holders and their beneficiaries. Capita was attacked by the criminal ransomware gang, Black Basta. To access Capita’s systems, the criminals likely found and exploited a vulnerability in Capita’s cyber security.

The Capita pensions data hack

The data breach at Capita resulted from a ransomware attack, during which cybercriminals exfiltrated sensitive data from Capita’s servers.  

The Information Commissioner’s Office (ICO) noted that approximately 90 organisations reported data protection violations linked to this incident. Capita manages outsourced pension administration services for over 450 pension providers and the personal data of potentially more than half a million UK pension holders has been compromised. The breach affected not only pension holders but also their beneficiaries and Capita’s own employees. 

Pension firms affected by the Capita data breach

The following is a list of some of the pension schemes and firms potentially impacted by the Capita data breach: 

  • The Universities Superannuation Scheme (USS) 
  • Diageo pension scheme 
  • Ace INA Retirement Savings Plan 
  • Age UK 
  • Angram Bank Primary School 
  • Anglian Water 
  • Atlas 
  • Archdale School 
  • Arnold Clark 
  • AXA UK Group Pension Scheme 
  • Boots 
  • Capita teachers pension 
  • Capita pension solutions limited 
  • Civil Service 
  • CPLAS Trustees Limited 
  • DHL 
  • EFWU 
  • Emerson 
  • Equita 
  • French Kier 
  • Greene king 
  • GXO 
  • Iveco Ford 
  • Unilever pension scheme 
  • Kelda group 
  • Kier western 
  • Metropolitan Police 
  • National grid 
  • National Trust / Capita 
  • NHS England 
  • Northumbrian Water  
  • OCS Group staff pension 
  • Plusnet 
  • Safeway 
  • Samsung
  • Scottish Power 
  • Severn Trent Water 
  • Sheffield Schools 
  • Sopra Steria Retirement Benefits Sch 
  • Southern Housing Group 
  • Tarmac Pensions Limited 
  • The Mercer DB Master Trust- NHS Shared Business Services Ltd 
  • Volkswagen Group UK 
  • British American Tobacco 
  • British Coal Staff Superannuation Scheme 
  • Marks and Spencer pension scheme 
  • Canon Retirement Benefit Scheme 
  • Colchester City Council 
  • Coventry City Council 
  • DH & S Plan 
  • Diageo pension scheme 
  • DOW Service UK 
  • Environment Agency Pension Fund 
  • EE pension scheme 
  • Hanson Industrial pension scheme 
  • Heinz Pension Plan 
  • Mineworkers pension scheme 
  • Morrisons Retirement Save Plan 
  • Nest pension scheme 
  • Nissan pension scheme 
  • Northern Foods Trust 
  • O2 
  • Procter & Gamble pension fund 
  • Pfizer Pension Trustees 
  • Phillips 66 
  • Royal Mail 
  • Scottish and Newcastle Pension Plan 
  • Safeway Pension Scheme 
  • South Staffordshire Council 
  • Swindon Borough Council 
  • Wincanton 
  • Yorkshire & Clyde Bank pension trust 
  • Rothesay pension scheme 
  • PwC pension scheme 
  • BAE Systems 
  • Capita 

This list is not exhaustive, and the full extent of the breach may involve additional pension schemes. The impact on these firms varies, but all are dealing with the aftermath of the breach and the potential exposure of sensitive member data. 

Compensation claims and legal actions

KP Law has launched a group action to help victims of the Capita data breach claim compensation for the data protection violation. If you receive notification from your pension provider that your data was involved in the breach, you may be eligible to join this group action. Here’s what you need to do: 

  1. Register for Updates: Sign up with KP Law to receive ongoing updates about the investigation and information on how to make a no-win, no-fee data breach compensation claim. 
  2. Collect Evidence: Document any phishing attacks, scams, or financial losses that you believe are linked to the breach. This evidence will support your claim for compensation. 
  3. Monitor for Fraud: Stay vigilant against further cyber-attacks and accept Capita’s offer of credit monitoring to detect any fraudulent attempts using your compromised data. 

If you believe you are affected by the Capita pension data breach, it is crucial to stay informed, vigilant, and proactive in seeking legal advice to protect your rights and secure any compensation you may be entitled to. 

In March 2024, our firm changed its name to KP Law. 

Share this article: