Capita Boss to Step Down

Written by

The boss of one of Europe’s largest outsourcing companies has announced his retirement, several months after the firm suffered a cyber-attack that led to the compromise of data belonging to dozens of corporate customers.

Jon Lewis will step down as Capita CEO and board director “towards the end of the year,” although he will remain at the firm until July 2024 “to ensure an orderly transition,” the business process outsourcing giant said.

Having led the group since December 2017, Lewis received a glowing review from chairman, David Lowden, who praised his “outstanding leadership and determination in rebuilding Capita from the ground up,” and also his efforts in “rebuilding client trust and improving colleague engagement.”

However, the cyber incident in question threatens to cast a shadow over Lewis’s departure.

Read more on supply chain attacks: Clop Ransom Gang Breaches Big Names Via MOVEit Flaw

Capita revealed it had been the subject of a cyber-attack on March 31 and claimed a few days later that the incident had been largely contained and mainly affected internal access to its Microsoft 365 applications.

It noted in an update on May 10 that data was exfiltrated from “less than 0.1% of its server estate.”

However, reports later that month suggested that as many as 90 customers reported a potential compromise of personal information via the attack and a second incident, in which data was publicly exposed on a misconfigured cloud storage system.

The Black Basta ransomware group claimed responsibility for the first attack and said that stolen data had been put up for sale. One of the UK’s largest pension scheme providers, USS, warned nearly half a million members that they should assume their data had been compromised in the Capita breach.

The outsourcer subsequently said it expected to incur losses of around £15-20m in “specialist professional fees, recovery and remediation costs and investment to reinforce Capita’s cyber security environment.”

However, Lewis was not blamed for the incident; quite the reverse.

“I also want to pay particular tribute to his leadership in recent months, during which he decided to delay his possible retirement from Capita due to the cyber incident we experienced in March,” chairman Lowden said in a statement.

Lewis will be succeeded by current Amazon Web Services (AWS) VP of global telecommunications, Adolfo Hernandez.

Editorial image credit: T. Schneider /

What’s hot on Infosecurity Magazine?