Last month’s cyberattack on British outsourcing business Capita may have compromised consumer data.
On Thursday, the London outsourcing giant, whose customers include the NHS, the U.K. military, and the Department for Work and Pensions, said its investigation into the March attack found “limited data exfiltration” that “might include customer, supplier or colleague data.”
Capita has not said how many customers or what data were accessed. Capita agency spokesperson Russ Lynch told TechCrunch the corporation would not disclose further.
According to a Sunday Times report, the Russian-speaking Black Basta ransomware organization, which claimed responsibility for the attack, exposed personal bank account details, passport images, addresses, and instructors’ job applications.
The group also attacked U.S. satellite TV provider Dish.
Capita is not included on Black Basta’s dark web leak site, which ransomware organizations use to coerce companies into paying ransom for not disclosing stolen data.
Capita first reported an “IT issue” in late March, then a “cyber incident” on April 3, which prevented personnel from using its VPN and Microsoft 365 services. “No evidence of customer, supplier or colleague data having been compromised,” Capita said.
The intrusion interrupted several Capita client services. For example, local bodies like Barnet Council in London and corporations like O2, which employ Capita for call center services, had customer service lines disrupted.
Cabinet Office spokeswoman Conor Walsh told TechCrunch that the incident “primarily affected internal processes with minimal impact on government departments” and disrupted U.K. government services.
“We are aware of the cyber incident that affected Capita and continue to be in regular contact with the company,” the official said. The Sunday Times reports Capita has £6.5 billion ($8bn) in public sector contracts.
In its latest update, Capita said it has restored “virtually all client services that were impacted” and restored employee access to Microsoft 365. On Thursday, Capita confirmed that hackers first breached its internal systems on March 22, nine days before it “interrupted” the attack on March 31.
“The interruption significantly restricted the incident, potentially affecting around 4% of Capita’s server estate,” the statement reads. “Capita continues its forensic investigations and will inform any customers, suppliers or colleagues that are impacted in a timely manner.”
TechCrunch states, “Capita has reported an incident to us, and we are assessing the information provided.”