Outsourcing group Capita, which runs crucial services for the NHS and military, has for the first time admitted that hackers accessed potential customer, staff and supplier data during a cyber-attack last month.
The company said its investigation into the attack – which caused major IT outages for clients including local councils – found that hackers infiltrated its systems around 22 March, meaning they had around nine days before Capita “interrupted” the breach on 31 March.
While the eventual intervention meant the cyber-attack was “significantly restricted”, affecting only 4% of its IT systems, Capita admitted that data was breached during the incident.
The admission raises the possibility that public sector information was accessed by hackers. Capita, which employs more than 50,000 people in Britain, is one of the government’s most important suppliers and holds £6.5bn-worth of public sector contracts.
“There is currently some evidence of limited data exfiltration from the small proportion of affected server estate which might include customer, supplier or colleague data,” the company said in an update on Thursday.
Capita stopped short of disclosing how many customers were potentially affected by the breach, and is still notifying anyone whose data might be at risk.
“The majority of Capita’s client services were not impacted by the incident and remained in operation, and Capita has now restored virtually all client services that were impacted,” the company said, adding that it “continues to work through its forensic investigations and will inform any customers, suppliers or colleagues that are impacted in a timely manner.”
The cyber-attack at the end of March caused major outages for clients, including agencies involved in critical national infrastructure. Some customers reported having to resort to using radios, pens and paper as a result of the attack, which primarily affected the Microsoft Office 365 suite of products, including email, Teams virtual meetings, Word and Excel.
Capita’s public sector contracts range from London’s congestion charge system to recruiting soldiers for the army. Its largest government customer is the Department for Work and Pensions, which has farmed out £2bn worth of work to Capita, mostly on its disability payment assessment services. Capita also serves the National Cyber Security Centre, the Cabinet Office and other government agencies.
It also holds contracts with the London boroughs of Barnet, and Barking and Dagenham, and with South Oxfordshire council, whose phone lines for benefits, council tax and business rates call centres were disrupted by the attack.