Data on 470,000 members of UK’s biggest pension fund USS exposed in Capita cyberattack

Britain’s biggest pension fund the Universities Superannuation Scheme (USS) has revealed that data on 470,000 of its members may have been stolen during March’s cyberattack on Capita. It is the first indication of the extent of the breach at the outsourcing giant.

470,000 records from USS, the UK’s largest pension fund, may have been accessed The fund manages assets worth £82bn, and is the UK’s largest private pension provider, acting as the principal pension scheme for universities and higher education institutions in the UK.

It said in a statement today that data on its members was compromised during the Capita hack. Capita had initially said no customer data was stolen in what it describes as a “cyber incident”, but later admitted it is likely some information had been taken, and said in an update this week that “data was exfiltrated from less than 0.1% of its server estate”.

USS data stolen in Capita hack

This apparently included data belonging to USS members. The pension fund said in a statement released today that “we were informed on Thursday 11 May that regrettably details of USS members were held on the Capita servers accessed “The details, dating from early 2021, cover around 470,000 active, deferred and retired members.”

Personal data such as this can be used USS said that while “Capita cannot currently confirm if this data was definitively ‘exfiltrated’ (ie, accessed and/or copied) The statement added that the fund is waiting on Capita to provide details on specific information that was accessed, and said: “We are sorry that member data has been accessed in this way.

Content from our partners

Digital solutions hold the key for government departments under pressure to drive greater efficiencies 

Why HR must embrace new tools to serve a fast-changing workforce

Why insurers are embracing the transformational power of cloud 

“We are proactively engaging with Capita in respect of their ongoing investigations and are considering the next steps available to us. We also continue to engage with them about the ongoing support they will be providing to those affected.”

Capita cyberattack shockwaves continue

Tech Monitor reported last week that pension fund data may have been stolen in the breach, with financial regulator the Financial Conduct Authority writing to all UK funds that work with Capita. It provides services to hundreds of pension funds, as well as large swathes of the public sector.

The incident left staff at the outsourcing company without access to internal systems, and the knock-on effects saw services at organisations up and down the country disrupted for days.

In a statement released on Wednesday Capita said it is “working closely with all appropriate regulatory authorities and with customers, suppliers and colleagues to notify those affected and take any remaining necessary steps to address the incident.”

It expects the breach to cost it between £15-£20m.

Read more: ABB ‘suffers cyberattack’ by notorious Black Basta gang

Leave a Reply

Your email address will not be published. Required fields are marked *