Capita Says Hackers May Have Snagged Customer and Employee Data in Recent Cyberattack

Outsourcing giant Capita has issued a statement confirming that hackers may have stolen sensitive data in a recent cyber-attack targeting the company.

London-based Capita is a major outsourcer of business processes and professional services, with some 61,000 employees.

At the end of March, the company learned hackers had breached its systems, resulting in some downtime to internal applications and disrupting services. The business continued to run optimally, with most of its client services remaining in operation.

At the time, Capita had found no evidence that customer, supplier or employee data was compromised.

As it worked to restore access to the affected systems, Capita investigated to learn exactly what happened. It found, among other things, that the incident arose following initial unauthorised access on or around March 22.

The attackers had access to around 4% of Capita’s server estate between that time and March 31, when the company’s IT people sprang into action to stop the breach.

“As a result of the interruption, the incident was significantly restricted,” the outsourcing giant says in its latest update.

“There is currently some evidence of limited data exfiltration from the small proportion of affected server estate which might include customer, supplier or colleague data.”

A BleepingComputer report says the culprits could be the Black Basta ransomware operation which temporarily named Capita as a victim on their data leak portal, complete with a data dump including bank account details, physical addresses, passport scans, and other sensitive information.

The ransomware crew has since taken down the post, suggesting they may have reached an understanding with their victims – if indeed Black Basta were the culprits.

Capita pledges to keep everyone updated with the latest findings as it continues to sift through forensics.

It’s worth noting that the company has not confirmed it suffered an actual ransomware attack, yet many signs point to one.