Business process outsourcing and tech services player Capita says there is proof that some customer data was scooped up by cyber baddies that broke into its systems late last month.
The British listed business, which has around £6.5 billion ($8.09 billion) in public sector contracts, updated the London Stock Exchange this morning to confirm the criminals breached its infrastructure on March 22 and remained inside until “interrupted” by the company on March 31.
“As a result of the interruption, the incident was significantly restricted, potentially affecting around 4 percent of Capita’s server estate. There is currently some evidence of limited data exfiltration from the small proportion of affected server estate which might include customer, supplier or colleague data.”
“Capita continues to work through its forensic investigations and will inform any customers, suppliers or colleagues that are impacted in a timely manner,” it said, adding: “Capita continues to comply with all relevant regulatory obligations.”
This comes after Russian extortionist crew Black Basta claimed it was behind the digital burglary at Capita and put up for sale sensitive information it reckons it stole, and which reportedly includes personal bank account details of people and business selling products or services to Capita. This is supposedly just small snippets of the data for sale.
Infosec veteran Kevin Beaumont previously said the stolen information being offered for sale also included a Capita Nuclear document – Capita provides support staff for the command centre of the Civil Nuclear Constabulary – paper marked confidential, and the floor plans of multiple buildings.
Beaumont said earlier this month: “Capita’s customers and regulators should be asking Capita to explain this – on the record and in writing.”
“Failing to disclose the loss of personal data can have serious financial and reputation damages — in short, do not cover up ransomware and extortion incidents or you may end up the case history of how not to respond,” he added.
Capita opened up on IT systems issues at the end of March, when its Azure Directory or Azure Active Director Service was suddenly unavailable to its own employees, impacting access to Microsoft 365 applications.
Days later Capita confirmed a “cyber incident” had disrupted services internally.
TechMartketViews analyst Marc Hardwick said the “million dollar questions” that are now facing Capita are “what data has been accessed, and to what extent the impact can be mitigated and how quickly this can be done.”
The Information Commissioner’s Office, the UK’s data watchdog, reiterated an earlier comment: “Capita has reported an incident to us and we are assessing the information provided”. ®