Regulator warns firms to investigate Capita data breach
The Financial Conduct Authority (FCA) has urged clients of Capita to investigate their data and IT systems following a ransomware attack in late March.
The FCA has reached out to Capita’s clients, including FTSE 100 insurance firms Aviva and Phoenix Group alongside a number of pension firms including Pension Insurance Group and Rothsay, to ensure they are sufficiently reviewing and responding to potential data breaches.
The FCA said: “We have continued to engage with Capita since their cyber incident was reported to understand the extent of any data compromise and impact on firms they provide outsource services to including their underlying customers.”
The public sector outsourcer is a major government supplier with £6.5 billion of contracts involving the congestion zone system in London, as well as collecting the BBC licence fees and critical NHS operations.
Cybersecurity expert Achi Lewis, Area VP EMEA for Absolute Software, commented: “Organisations must be on full alert to detect, prevent and ultimately recover from cyber-attacks – everyone has valuable data, so everyone is a target. This includes being ready to respond when an attack occurs, not if, ensuring the right protocols and technology are in place to get IT systems back operational and mitigate data, financial, and reputation damage caused by a breach, especially if it involves ransomware as full recovery can take organisations weeks, months, and even years if they are not sufficiently prepared.”
“Part of forming a good recovery posture includes the proper reporting of cyber-attacks when they occur to enable partners and customers to best protect their own systems to prevent breaches from doing even more damage. Contacting the ICO and customers as soon as an attack occurs can prompt proper investigations to deal with threats. This can be supported through technology measures such as self-healing capabilities. If systems are damaged by a breach, devices and applications can be self-repaired and cyber programmes restored to reduce the risk of reinfection and help the organisation get back online quickly and safely,” Lewis added.
The FCA stated it had: “written to FCA regulated firms that are clients of Capita to ensure they are fully engaged in understanding the extent of any data compromise.”
The attack in late March, claimed by a ransomware gang, hit Capita systems for over a week, with threat actors gaining unauthorised access to data and restricting customer-facing services.
The stolen data included client information, information on job applicants, payment details of Capita Business Services’ Capita Nuclear unit and internal floor plans.