470,000 records from USS, the UK’s largest pension fund, may have been accessed The fund manages assets worth £82bn, and is the UK’s largest private pension provider, acting as the principal pension scheme for universities and higher education institutions in the UK.
It said in a statement today that data on its members was compromised during the Capita hack. Capita had initially said no customer data was stolen in what it describes as a “cyber incident”, but later admitted it is likely some information had been taken, and said in an update this week that “data was exfiltrated from less than 0.1% of its server estate”.
USS data stolen in Capita hack
This apparently included data belonging to USS members. The pension fund said in a statement released today that “we were informed on Thursday 11 May that regrettably details of USS members were held on the Capita servers accessed “The details, dating from early 2021, cover around 470,000 active, deferred and retired members.”
Personal data such as this can be used USS said that while “Capita cannot currently confirm if this data was definitively ‘exfiltrated’ (ie, accessed and/or copied) The statement added that the fund is waiting on Capita to provide details on specific information that was accessed, and said: “We are sorry that member data has been accessed in this way.
Content from our partners
“We are proactively engaging with Capita in respect of their ongoing investigations and are considering the next steps available to us. We also continue to engage with them about the ongoing support they will be providing to those affected.”
Capita cyberattack shockwaves continue
Tech Monitor reported last week that pension fund data may have been stolen in the breach, with financial regulator the Financial Conduct Authority writing to all UK funds that work with Capita. It provides services to hundreds of pension funds, as well as large swathes of the public sector.
The incident left staff at the outsourcing company without access to internal systems, and the knock-on effects saw services at organisations up and down the country disrupted for days.
In a statement released on Wednesday Capita said it is “working closely with all appropriate regulatory authorities and with customers, suppliers and colleagues to notify those affected and take any remaining necessary steps to address the incident.”
It expects the breach to cost it between £15-£20m.
Read more: ABB ‘suffers cyberattack’ by notorious Black Basta gang