The UK’s largest outsourcing company has revealed that threat actors likely compromised data during a “cyber incident” at the firm in March.
Capita reportedly has billions of pounds worth of contracts with the British government, running critical programs for the NHS, HM Prison and Probation Service, the Royal Navy and many others.
In an update yesterday, the London-headquartered business process outsourcer claimed there is now evidence of “limited data exfiltration” from the servers compromised by its attackers.
“From our investigations to date, it appears that the incident arose following initial unauthorized access on or around March 22 and was interrupted by Capita on March 31. As a result of the interruption, the incident was significantly restricted, potentially affecting around 4% of Capita’s server estate,” it explained.
“Capita continues to work through its forensic investigations and will inform any customers, suppliers or colleagues that are impacted in a timely manner.”
The firm is working with third-party forensics experts to determine the cause and extent of the breach, which it said primarily impacted access to internal Microsoft 365 applications.
“Since the incident, Capita and its technical partners have restored Capita colleagues’ access to Microsoft 365,” it added. “The majority of Capita’s client services were not impacted by the incident and remained in operation, and Capita has now restored virtually all client services that were impacted.”
ESET global security advisor, Jake Moore, argued that ransomware, or at least data extortion, is likely to explain the motive for the attack.
“Any sensitive data caught up in this situation will have been held to ransom with the ability to have negotiated large sums of money,” he added.
“As we remained in the dark for so long as to whose data was affected it is therefore necessary for the public to treat any upcoming communications with caution, especially from organizations Capita dealt with such as the NHS, government agencies or even the BBC. Phone calls, texts messages and authentic looking emails can all be created very easily to fool people, especially when coupled with corresponding genuine personal information.”
Editorial image credit: T. Schneider / Shutterstock.com