Capita Confirms Data Exfiltration Following Cyber-Incident

London-based IT services company Capita has released an update on the cyber-incident that occurred at the beginning of the month, acknowledging that hackers have stolen data from its systems. Working with security specialists, the company found that approximately 4% of its server infrastructure was accessed by hackers and that files hosted on these servers were stolen. Capita’s statement confirmed that “There is currently some evidence of limited data exfiltration from the small proportion of affected server estate, which might include customer, supplier, or colleague data.”

Capita will continue to investigate the cyber-incident and provide updates if any evidence arises that shows that customers, suppliers, or colleagues have been impacted.

Alleged Black Basta Ransomware Attack

On March 31, 2023, Capita reported an IT issue that affected its services. Three days later, the company announced that a cyberattack caused the outage, preventing access to its internal Microsoft Office 365 applications. The impact of the attack was evident in the reduced availability of client systems, including state organizations in the UK.

According to the latest update, the initial unauthorized access to Capita’s systems occurred on March 22, 2023, and remained uninterrupted until the firm detected the breach on March 31, 2023. Black Basta, a ransomware group, posted Capita on its extortion portal on the dark web using a private link on April 17, 2023. The group threatened to sell stolen data to interested buyers unless the victim paid the ransom.

The data samples that Black Basta posted at the time include personal bank account details, physical addresses, passport scans, and other sensitive information. Capita has not commented publicly on the allegations or mentioned anything about ransomware in its recent statement, so the validity of these claims remains unconfirmed. Capita’s entry on Black Basta’s extortion site remains private, indicating that the ransom payment may currently be under negotiation.

IT Services has contacted Capita to request a comment about Black Basta’s allegations and whether or not they have communicated with the threat actors, but a spokesperson declined to provide an answer.

Update 4/21 – Post updated to correct a factual error regarding Capita’s entry on Black Basta’s extortion site
