Capita Cyber Incident: FAQs

What happened? 

Capita Pension Solutions Ltd, part of Capita plc, (“Capita”) recently reported a cyber incident confirming that they had been targeted by professional hackers potentially impacting a number of their servers. The incident occurred because of a targeted phishing email, which is an email intended to trick individuals into clicking a link or opening an attachment, and is designed to steal money, credentials, or other sensitive information. 

Capita provides outsourcing services for many different sectors of industry and public bodies. 

Their technology platforms provide many pension schemes with administration services such as payroll services for pensions in payment. 

Dalriada Trustees Limited (“Dalriada”) has worked closely with Capita to understand how the incident occurred, what actions they have taken to secure the personal data they hold, and how they will mitigate any increased risks of financial fraud and or identity theft that could occur because of this cyber incident. 

Capita has regrettably told us that details of the pension scheme were accessed by the hackers. The information for those members impacted may contain some or all of the following:   

• Title;  
• Initial(s); 
• Name; 
• Date of Birth; 
• National Insurance Number; 
• Member ID Number; 
• Tax Code 
• Tax Paid (along with any other deductions); 
• Date the pension ceased; or 
• Date of Retirement. 

Dalriada is still waiting on confirmation of those specific members where data has been compromised.  

Capita has confirmed that impacted members will be given access to an online monitoring tool provided by Experian, a leading identity protection service, free of charge for a period of 12 months from activation. Those members directly impacted will receive a further letter which will include details of the service being provided by Experian, along with telephone support providing access to experts who can answer any concerns about identity theft and fraud. 

We strongly encourage you to wait for these contact details if you are impacted as the service is designed to provide you with any assistance you may need.  

What member data has been taken?

The full extent of the data breach is still to be confirmed; however, we understand that copies of data generated by Capita’s administration platforms were taken from files held on a local server. A list of the data items that Capita has confirmed as exposed is listed above.  

When was Dalriada first made aware that pension scheme member data had been impacted?  

We started to receive notifications from Capita during Wednesday 18th May and through to Monday 22nd May. 

Does my Pension remain safe?

Yes, only personal data was accessed in this incident, assets of the scheme have not been compromised.

Has Dalriada informed the Information Commissioner’s Office (ICO) and The Pensions Regulator (TPR)?

Yes, we have reported this to ICO and TPR. We will work them on any investigation they may choose to conduct and any recommendations they might subsequently make. 

How is Dalriada managing the incident for schemes where Dalriada is trustee?  

We continue to engage with Capita’s senior management team in respect of their ongoing investigations and the details of the ongoing support they will be providing to those impacted.  

As detailed earlier, members will be given access to a leading identity protection service, Experian, free of charge. We are coordinating with Capita regarding this and expect a letter to be issued to those impacted shortly. 

Is Dalriada at any risk of a cyber incident?

We live in a world where most of our data is kept digitally, and unfortunately, cyber fraud is becoming increasingly a real threat to organisations and individuals. We have reviewed our own systems and controls to ensure they remain robust, and have achieved ISO 27001 accreditation, an internationally recognised standard for Information Security Management. We will also seek feedback from Capita on the controls they will put in place to mitigate against the risk of future incidents.  

What advice and guidance can we give to help protect yourself from potentially identify theft or fraud?

We encourage all members to be particularly vigilant if you receive any unexpected emails, telephone calls, texts, or letters. 

 Please be careful you do not share any personal or financial information when responding to emails or telephone calls and check your bank, building society and credit card accounts regularly for any unusual payments that you do not recognise.  

Cyber criminals commonly use a scam technique called phishing, which is mostly email-based, to lure victims under false pretences to websites which look legitimate to get them to provide personal information including bank account and credit card details. These emails appear to be from recognisable sources such as banks but actually link to fraudulent websites.

So:

• Protect your email with a strong password (tip: use three random words to create a single password that is difficult to crack).  
• Do not share your password with anyone.  
• Turn on 2-step verification (2SV) on your email account. 
• Install the latest security updates to your browser software and personal computing devices.  
• If in doubt, do not open emails.  
• Check that any links look correct before you click on them.  
• Be suspicious of anyone who asks for your bank account or credit card details.  
• If the email contains spelling mistakes, this can be a sign that this is a phishing scam. Do not open the email or attachments.  
• If you think you have been a victim of fraud you should report it to Action Fraud, the UK's national fraud and internet crime reporting centre, on 0300 123 2040. 
• If you receive a suspicious email, you should forward it to report@phishing.gov.uk. For text messages and telephone calls, forward the information to 7726 (free of charge). For items via post, contact the business concerned.
• If there are any changes to your National Insurance information, HM Revenue & Customs would contact you – but you can also phone them on 0300 200 3500.
• For more advice on how to stay secure online, please visit www.cyberaware.go.uk.

How to check if one of your online accounts may have been compromised?

Services such as www.haveibeenpwned.com can tell you if your personal information or any of your account passwords have been made public in a major data breach. Help is also available from Experian, once you have access.