Outsourcing firm and government contractor Capita has revealed it will take a hit of up to £20 million from a recent cyber attack that saw some customer, supplier and staff data accessed by hackers.
The group, which is a major contractor for local authorities, said investigations into the incident suggest that some data was accessed, but that this was from less than 0.1% of its server estate.
It said it has taken “extensive steps” to recover and secure the data contained within the affected server estate, and to “remediate any issues arising from the incident”.
It expects the bill for the cyber attack to reach between around £15 million and £20 million, covering specialist professional fees, recovery and remediation costs, as well as investment to reinforce its cyber security defences and strengthen its IT security.
“Capita has also taken further steps to ensure the integrity, safety and security of its IT infrastructure to underpin its ongoing client service commitments,” it added.
Capita admitted last month that hackers had accessed its systems for nearly 10 days before the breach was discovered.
The pensions regulator has reportedly asked hundreds of pension funds that use Capita as an administrator to assess whether their client data may be at risk.
It is thought that information containing Capita data was circulating on the dark web after the breach in March – with reports suggesting this included home addresses and passport images.
Capita’s systems are used to administer pensions for around 450 organisations, including corporate giants Royal Mail and Axa, covering millions of policyholders.
Capita declined to confirm what data was potentially accessed in the attack or how many staff, suppliers and customers were affected.
The attack marks the latest in a recent spate of cyber incidents, with high street retailer WH Smith suffering its second hack in less than a year in March and Royal Mail’s international postal service suffering lengthy disruption after hackers targeted the group.
