The Information Commissioner's Office (ICO), the data watchdog, has stated that it has received around 90 reports regarding possible breaches connected to Capita.
In the realm of data protection in the UK, the Information Commissioner's Office (ICO) takes on the role of a guardian. Its primary function involves enforcing laws that govern communication, networking, and the security of data.
The ICO ensures that businesses and organizations adhere to these laws, with the aim of safeguarding individuals' personal information.
Its most notable role is in upholding the EU's General Data Protection Regulation (GDPR).
The ICO's primary objective is to ensure that businesses operating in the UK adhere to rigorous data protection principles, safeguarding individuals' privacy and personal information.
Capita is a major supplier to UK government departments and is involved in various contracts within the private sector.
These reports pertain to both the cyberattack that occurred in March and the recent discovery of an unsecured database.
As per the information from the Information Commissioner's Office (ICO), it said that it is currently investigating two cyber incidents related to Capita. In March, Capita experienced a cyber attack that resulted in staff being locked out of Microsoft's Office 365 Productivity suite.
Although initially claiming no data was accessed, Capita later acknowledged that some data was exposed to malicious actors.
Furthermore, it was confirmed that in the recent cyberattack on Capita, resulted in a breach of personal information of nearly 500,000 members of the USS lecturers' pension fund.
Additionally, the ransomware group Black Basta has claimed responsibility for the breach. However, yet we are not informed about any ransom demands or payments, but Capita expects to face costs of £20m as a result of the incident.
Furthermore, the Information Commissioner's Office further said that the exact count of companies impacted by the breach is currently uncertain.
Capita provides services to a wide range of organizations, including the Ministry of Defense and the NHS in the public sector, as well as the Royal Bank of Scotland, O2, and Vodafone in the private sector. With over 50,000 employees, Capita holds substantial UK government contracts valued at over £8bn.
The cyberattack has had an impact on various local councils in the UK. Barnet, Barking and Dagenham, Lambeth, and South Oxfordshire have all reported encountering issues due to the incident. Additionally, following the discovery of the unsecured AWS bucket, Colchester and Coventry city councils have come forward to acknowledge that their data may also be affected.