Capita under scrutiny by UK regulator over cyberattack

The breach, claimed by ransomware group Black Basta, went undetected for nine days.

The Information Commissioner’s Office (ICO), the UK’s regulatory body, has initiated an investigation into the March cyberattack on Capita. Capita, a provider of vital government services at top-notch rates, has already estimated potential losses of up to £20 million ($25 million) following the data breach. The attack was claimed by the ransomware group Black Basta.

Capita admitted that it did not discover the incident until the end of March, which was nine days after its defences were breached. According to recent reports from the Financial Times, approximately 470,000 individuals may have been at risk as a result of the cyberattack, even though only a small portion of Capita’s server infrastructure was affected.

The ICO is urging organisations that rely on Capita’s services to evaluate their own situations in relation to these incidents and determine whether any personal data they possess has been compromised. If deemed necessary, the affected entities are advised to notify the ICO of any data breaches, as the ICO will use this information to provide appropriate guidance for future actions.

The ICO stresses that any organisation identifying a personal data breach must notify the regulator within 72 hours unless it is determined that the breach poses no risk to people’s rights and freedoms. If an organisation decides not to report a breach, it should maintain its own record and be prepared to provide an explanation if required.

Capita may face challenges as a result of the ICO’s investigation. Recently, the company announced securing two contracts worth £565 million with the Department for Work and Pensions (DWP) and the Department for Communities (DfC) to provide essential services to individuals with disabilities. Additionally, Capita revealed plans to sell its OnePage service to ErisBerg, which is described as a leading provider of critical alerting and mobile messaging services. It remains uncertain whether the ICO’s statement will impact the sale price of OnePage or jeopardise the DWP and DfC contracts.