Start your claim
Trustpilot

Capita Data Breach

If an organisation has failed to protect your data, whether due to a breach or the mishandling of your personal information, you are not alone. Across the UK, people are joining forces to challenge corporate wrongdoing. If your data has been misused or compromised, you may be entitled to compensation.

Trustpilot

Capita Data Breach

Capita is one of the UK’s largest outsourcing and professional services companies. Earlier this year, the business suffered two major data breaches, affecting millions of UK residents. Capita works with many public and private organisations and provides vital services for local councils, the UK military and the NHS.

The company handles the personal information of millions of people and administers the pension funds for a number of large firms, including the Royal Mail, Axa, PwC and the Universities Superannuation Scheme (USS), which is the main pension fund for universities in the UK.

What happened during the Capita data breaches?

Capita data hack – The first breach

In March 2023, Capita reported a cyber-attack. Its investigation found that unauthorised access began on or around 22 March and was interrupted on 31 March. The attack was allegedly carried out by Russian hackers.

Around 90 organisations were affected, including the Royal Mail, the NHS, AXA, the Universities Superannuation Scheme, the Ministry of Defence and the Royal Bank of Scotland. Capita administers pension funds for many of these bodies and acts as a data processor holding information for thousands of employees.

The Pensions Regulator (TPR) contacted more than 300 pension funds asking them to check whether their data had been stolen. Several confirmed they were affected. Data potentially accessed included names, addresses, dates of birth, National Insurance numbers and financial details.

In July, Capita admitted that some of its own employees were also impacted. Three months after the attack, staff were told their personal data including marital status, contact details, salary information and employment history had been compromised. Capita said it was taking “extensive steps” to recover and secure the data and had hired a consultant to ensure it was not sold on the dark web.

Capita data breach – The second breach

A second breach was announced in 2023, when it was reported that Capita had left benefits data files in publicly accessible storage. These files had not been protected by passwords since as far back as 2016. Several councils said they believed their data may have been compromised. The breach was allegedly caused by an exposed Amazon S3 bucket, a cloud-based service that allows businesses to store data online.

If an S3 bucket is not properly configured, anyone can access it, creating a significant security risk. The bucket used by Capita, which contained sensitive information, was allegedly left publicly accessible, allowing cybercriminals to steal the data. This reportedly included benefits information from local councils, such as names, addresses, dates of birth and National Insurance numbers.

The Capita data breaches could affect millions of UK pension holders, employees and people on benefits. If you have been affected, you could be entitled to compensation. Contact our team today to find out if you are eligible to make a claim and discuss the next steps.

Get the best legal team on your side

  • Over 1,000 years of combined legal expertise
  • Leading experts in data breach and group actions
  • We’ll get you more compensation than anyone else
  • We win the cases other firms can’t
  • Fully independent, and fully regulated.
Trustpilot

Who has been affected by the Capita data breaches?

We’re not yet aware of the full extent of the Capita data breaches. Britain’s data watchdog, The Information Commissioners Office (ICO), stated earlier this year that around 90 organisations reported breaches of personal information held by Capita. The attack also prompted the Pensions Regulator (TPR) to write to more than 300 pension funds to ask them to check whether data had been stolen by hackers.

The second breach is also said to have affected many local councils, with Colchester Council sharing its “extreme disappointment with Capita” after it found that benefits data from 2019-20 and 2020-21 were unsecured.

The following pension plans and local authorities may have been affected:

Pension Schemes:

  • The Universities Superannuation Scheme (USS)
  • Unilever pension scheme
  • Marks and Spencer pension scheme
  • PwC pension scheme
  • Diageo pension scheme
  • Rothesay pension scheme
  • BAE systems

Local Authorities:

  • Adur and Worthing Councils
  • Colchester Council
  • Coventry City Council
  • Derby City Council
  • Rochford District Council
  • South Staffordshire Council

Others:

  • Capita employee data
  • GP data

If you have received any correspondence from your pension regulator, local authority or Capita itself stating that your data may have been affected, you could be entitled to claim compensation. It’s important you take action if your data has been affected to protect yourself. This involves checking your bank account for any unusual activity, changing passwords if needed, and checking to see if any credit has been taken out in your name, which can be done through credit monitoring software such as Experian. Stay vigilant and be aware of phishing scams, fraud, and identity theft, as we often see victims of similar data breaches become the target of cybercriminals.

What personal information was breached in the Capita data breaches?

There have been two alleged data breaches on data held by Capita, and each one affects different people, organisations, and information. Below is a list of data that could have been breached:

This data includes:

  • Names and titles
  • Initials
  • Dates of birth
  • National insurance numbers
  • Retirement dates
  • Membership numbers
  • Financial/bank details

If you suspect that your personal data could have been breached as part of the Capita data breaches or you have received correspondence notifying you of such, you can contact the organisation responsible for your personal information directly to get further information. You can also get in touch with our expert data breach solicitors to learn about possible next steps if you have evidence to show your personal data was involved in the Capita data breach.

What our clients say

Trustpilot

See all reviews

Express Solicitors can help with your Capita data breach claim

Express Solicitors has a team of specialist data breach solicitors who have years of experience working in the sector and fighting to gain compensation for those who have been the victim of a data breach. Our in-depth understanding of the relevant legal statutes and regulations ensures we can provide the best possible chance of you getting the compensation you deserve.

We offer free, no-obligation consultations to help you determine if you can pursue a claim. We also take on claims on a no-win, no-fee basis, so you don’t have to pay a penny upfront, and if your claim is unsuccessful, you don’t owe us anything.

If you would like to discuss a potential claim against Capita, get in touch with us today to find out more.

Step 1

Get in contact by using one of our contact forms throughout the site.

Step 2

We will assess your case based on the information you provide.

Step 3

If you have a valid claim, we will accept your case on a No Win No Fee basis.

Start your claim

Free Consultation

You can contact Express Solicitors for a free consultation with no obligation, where we will take the time to understand your claim and offer clear, helpful guidance on your next steps.

No-Win-No-Fee

We can assist you on a no win, no fee basis, so you will only need to pay us if your claim is successful and compensation is awarded.

Client Communication

If your case is accepted, our team of Data Protection Solicitors will handle the process on your behalf and keep you informed at every stage.

Our Group Actions team

The Express Group Actions team has years of experience supporting clients with data breach, data protection and cybercrime claims against large organisations. We have been part of the biggest group action settlement in England and Wales in respect of a data breach. We understand the harm and distress that can result when your personal information is not handled properly or has been compromised. We are committed to helping you secure the compensation you deserve.

Partners
Brian
Higgs

Partner - Head of Group Actions

Read Bio
Group Actions
Gladuela
Lawrence

Senior Associate Solicitor

Read Bio
Group Actions
Dan
Higham

Solicitor

Read Bio

Why choose Express Solicitors? 

No matter how tricky the case, we treat every claim with the utmost care and empathy. Our mission? To get you the justice you deserve.

With our no win, no fee arrangements, you can pursue your claim without stressing over upfront costs or legal fees.

We’re proud of our ‘Excellent’ rating on Trustpilot and our accreditation by the Solicitors Regulation Authority (SRA). It shows just how committed we are to professional integrity and making our clients happy.

So, why wait? Reach out today to kickstart your compensation claim and see how much you might be entitled to.

No Win No Fee, Free Consultation

Please fill out the form below to get started with your claim

Call us on 0161 904 4661

Lines are open now and our legal advisors are on standby to tell you if you can make a claim.

Call: 0161 904 4661

Start your claim online

Complete our simple form to receive a call back from our expert legal team.

Start your claim