Regulators have urged UK pensions schemes to examine whether or not they have suffered data breaches following a cyber assault on outsourcer Capita.
The Pensions Regulator on Sunday stated it had written to the a whole lot of pension funds that make use of Capita to administer their fee techniques, urging them to “determine whether there is a risk to their scheme’s data”.
London-listed Capita disclosed earlier this month that hackers might need accessed buyer data following a cyber attack on its servers in March.
The Pensions Regulator wrote to greater than 300 pension funds, which embody a mixture of private-sector outlined profit and outlined contribution schemes, in accordance to an individual accustomed to the matter.
In the letter, which was first reported by the Sunday Times, the regulator requested trustees to contact Capita to discover out whether or not their data might have been caught up within the breach, and reminded schemes of the accountability to disclose any data losses to people and regulators.
“We take IT security and the risk of cyber attacks extremely seriously,” the regulator stated in an announcement.
The USS, the UK’s largest personal sector pension plan, contracts Capita to administer its pensions software program for greater than 465,000 members. It was one of many schemes contacted by TPR, in accordance to an individual accustomed to the state of affairs.
“We are currently not aware of any impact on USS data,” stated a USS spokesperson, including that the scheme was liaising intently with Capita.
Capita is a serious outsourcer to each the personal and public sectors and is among the UK authorities’s largest contractors.
The firm gives IT companies amongst its companies, which additionally embody operating the London congestion charging zone, accumulating the BBC licence payment and overseeing coaching for the Royal Navy.
Capita in late March first disclosed an “IT issue” that left employees unable to entry some techniques and disrupted companies offered to native authority purchasers.
The outsourcer confirmed on April 20 that there had been a data breach and that hackers could have accessed buyer and inside data. It stated the incident affected about 4 per cent of its servers, and that it had discovered “some evidence of limited data exfiltration”.
It added that hackers accessed its servers on or round March 22, and it had managed to interrupt the operation on March 31 and had “significantly restricted” the incident.
The firm has refused to verify or deny whether or not the data breach shaped a part of a ransomware assault.
“Since March 31st we have been in regular contact with trustees and regulators, and we will keep them updated as our investigation into the cyber incident progresses,” Capita stated in an announcement on Sunday.
Ransomware assaults and different data breaches are a rising drawback for world companies, and have not too long ago been reported at a supplier to the world’s largest semiconductor gear producers, Japan’s Fujitsu and the UK’s Royal Mail.
A September report from consultancy PwC discovered that solely 14 per cent of world firms surveyed had not suffered a data breach up to now three years.