Malware
“Major Cybersecurity Breach: Capita Admits Data Theft by Hackers – Urgent Action Required”
Capita, a UK-based business process outsourcing company, has confirmed that it has suffered a cyberattack in which hackers have stolen data. The company has stated that it is working with the relevant authorities to investigate the incident and is taking steps to enhance its cybersecurity measures. The exact nature and scope of the data breach are not currently known.
Capita Confirms Data Exfiltration Following Cyber-Incident
IT Services company Capita, based in London, has released an update on the cyber-incident that occurred at the beginning of the month, acknowledging that hackers have stolen data from its systems. The company has worked with security specialists to discover that approximately 4% of its server infrastructure was accessed by hackers, and files hosted on these servers were stolen. Capita’s statement confirmed that “There is currently some evidence of limited data exfiltration from the small proportion of affected server estate, which might include customer, supplier, or colleague data.”
Capita will continue to investigate the cyber-incident and provide updates if any evidence arises that shows that customers, suppliers, or colleagues have been impacted.
Alleged BlackBasta Ransomware Attack
On March 31, 2023, Capita reported an IT issue that affected its services. Three days later, the company announced that a cyberattack caused the outage, preventing access to its internal Microsoft Office 365 applications. The impact of the attack was evident in the reduced availability of client systems, including state organizations in the UK.
According to the latest update, the initial unauthorized access to Capita’s systems occurred on March 22, 2023, and remained uninterrupted until the firm detected the breach on March 31, 2022. Black Basta, a ransomware group, posted Capita on its extortion portal on the dark web using a private link on April 17, 2023. The group threatened to sell stolen data to interested buyers unless the victim paid the ransom.
The data samples that Black Basta posted at the time include personal bank account details, physical addresses, passport scans, and other sensitive information. Capita has not commented publicly on the allegations or mentioned anything about ransomware in its recent statement, so the validity of these claims remains unconfirmed. Capita’s entry on Black Basta’s extortion site remains private, indicating that the ransom payment may currently be under negotiation.
IT Services has contacted Capita to request a comment about Black Basta’s allegations and whether or not they have communicated with the threat actors, but a spokesperson declined to provide an answer.
Update 4/21 – Post updated to correct a factual error regarding Capita’s entry on Black Basta’s extortion site