Outsourcing firm Capita is bracing for a financial blow of up to £25 million due to a cyber-attack originating in March, causing the company to incur a pre-tax loss of nearly £68 million in the first half of the year. The attack, attributed to the Black Basta ransomware group, targeted Capita’s Microsoft Office 365 software, compromising sensitive data belonging to its workforce and numerous clients.
Although Capita stated that only a small fraction of its server estate, less than 0.1%, had been breached, the breach prompted the company to take extensive measures to secure the compromised data and support affected parties.
Capita, known for providing essential services to entities such as the NHS, local councils, and the military, revealed that the financial fallout from the “cyber incident” could range between £20 million and £25 million.
This updated estimate factors in the complexities of analyzing the “exfiltrated” data, recovery and remediation costs, and investments aimed at bolstering cybersecurity. Despite this, the firm remains unable to gauge the potential fines stemming from the incident and has yet to allocate funds for prospective expenses.
Following the cyber-attack, around 90 organizations reported breaches of personal information held by Capita, prompting scrutiny from the Information Commissioner’s Office.
The breach exposed the vulnerabilities of Capita’s systems, which are responsible for administering pension funds for major firms like Royal Mail and Axa. As Capita navigates this crisis, it recently announced the upcoming departure of CEO Jon Lewis, who will be succeeded by Adolfo Hernandez from Amazon Web Services, signifying the company’s commitment to addressing the aftermath of the cyber incident and enhancing its cybersecurity measures.
