UK Pension Scheme: Members Should Assume Capita Data Theft

Written by

One of the UK’s largest pension scheme providers has warned nearly half a million members that they should assume their data has been compromised in a recent breach at outsourcer Capita.

Established in 1974, the Universities Superannuation Scheme (USS) manages £82bn for its 500,000 members, who work in the higher education sector.

Read more on the Capita attack: Outsourcer Capita Claims to Have Contained "Cyber Incident."

In an update on Friday, USS revealed that it uses Capita’s Hartlink platform to support in-house pension administration processes and has therefore been in close contact with the IT services firm following a “cyber incident” in late March.

“While it has been confirmed that USS member data held on Hartlink has not been compromised, we were informed on May 11 that regrettably details of USS members were held on the Capita servers accessed by the hackers. The information potentially accessed includes: their title, initial(s), and name; their date of birth; their National Insurance number; their USS member number,” the update continued.

“The details, dating from early 2021, cover around 470,000 active, deferred and retired members. While Capita cannot currently confirm if this data was definitively ‘exfiltrated’ (i.e., accessed and/or copied) by the hackers, they recommend we work on the assumption it was.”

USS said it was still waiting to hear from Capita about the specific data set that was compromised. When it has received and checked these details it will then contact all affected members, and employers if applicable, “to make them aware, to apologize for any distress or inconvenience caused, and to provide ongoing support and advice.”

The news comes after Capita revealed in an update last week that the breach would cost it £15–20m in “specialist professional fees, recovery and remediation costs and investment to reinforce Capita’s cyber security environment.”

Capita said it has also taken further steps to ensure the “integrity, safety and security of its IT infrastructure.”

After initially claiming around 4% of the server estate was compromised in the attack, the outsourcer is now saying that less than 0.1% was affected.

Reports suggest ransomware group BlackBasta is behind the attack, meaning any stolen data is likely to end up on the cybercrime underground, even if the outsourcing giant pays a ransom.

Editorial image credit: T. Schneider /

What’s hot on Infosecurity Magazine?