Capita has been fined £14 million over a cyber attack that affected millions
The UK data watchdog has fined outsourcing company Capita £14 million after the personal data of 6.6 million people was stolen in a cyberattack.
The Information Commissioner’s Office (ICO) said Capita “failed to ensure the security of the processing of personal data leaving it at significant risk”.
The fine was originally set at £45 million but was reduced following discussions between Capita and the watchdog.
Adolfo Hernandez, Capita’s president, said the company was “pleased to bring this matter to a close and reach a settlement today.”
He said the company had “significantly enhanced” its cybersecurity resilience and been vigilant.
Capita provides professional services and outsourcing in a number of different areas to the public and private sectors.
It generated revenues of £2.4 billion last year, according to its latest annual report.
After the hack that occurred in March 2023, it was found that Capita had done this Leaving a bunch of unsafe data online.
Information containing what appears to be personal data – including home addresses and passport photographs – It started spreading on the dark web.
The ICO said financial data had been stolen, and in some cases criminal record details had been compromised.
Capita also manages more than 600 pension schemes, of which 325 have been affected.
Information Commissioner John Edwards said: “Capita has failed in its duty to protect the data entrusted to it by millions of people.”
He added: “The scale and impact of this violation could have been prevented if adequate security measures had been taken.”
The proposed £45 million fine was reduced to £14 million after Capita said it had made improvements to its cyber security, provided support to affected people and engaged with other regulatory bodies and the National Cyber Security Center (NCSC).
Earlier this year, retailer Co-op was subjected to a hack where details of all its contents were obtained Nearly 6.5 million customers were stolen.
This came among other high-profile cyber attacks targeting Marks & Spencer, Harrods and Jaguar Land Rover.
On Tuesday, the NCSC confirmed that there has been an increase in major attacks nationwide this year.
It came as the government wrote to bosses across the country advising them to put down their emergency plans on paper, in case they lose access to their computers in the event of a hack.