On March 22, 2023, Capita PLC (“Capita”) experienced a cyber incident which it announced in a press release on April 3, 2023 and an update on April 20, 2023. Capita identified the incident on March 31, 2023, and confirmed the incident caused disruption to some services provided to individual clients, which has now been resolved. On April 21, 2023, the UK Information Commissioner’s Office (“ICO”) issued a statement confirming that Capita reported the incident and the ICO is investigating. The ICO also noted that other organizations affected by the incident should “consider their position[s]” and, if necessary, submit a breach notification.
Since the ICO statement, the UK Pensions Regulator has asked trustees responsible for funds that use Capita as an administrator to assess whether clients’ data is at risk. In a letter written by the Pensions Regulator, it urged funds to “determine whether there is a risk to their scheme’s data.” In addition, the UK Financial Conduct Authority (“FCA”) has urged FCA-regulated firms, such as funds and insurers who engage with Capita, to determine whether any data they are responsible for has been affected by the incident.