iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Capita is looking at a bill of as much as £20 million (roughly $37.2 million) for the cyber attack it suffered last month, which led to customer, staff and supplier data being accessed by threat actors.
The organisation, which provides third-party services for the UK Military and the National Health Service (NHS), confirmed that data had been accessed in the attack by the Russian hacking group Black Basta, which occurred at the end of March.
While Capita initially said that there was no sign that any data had been compromised, it later revealed that threat actors did infiltrate its systems on 22 March and were only detected on 31 March, nine days later.
The company said that the data accessed was from a very small portion of its network.
“Capita understands now, based on its own forensic work and that of its third-party providers, that some data was exfiltrated from less than 0.1 per cent of its server estate,” the company said in a statement.
“Capita has taken extensive steps to recover and secure the customer, supplier and colleague data contained within the impacted server estate, and to remediate any issues arising from the incident.”
With the company implementing so many measures to protect its £6.5 billion (just over $12 million) in public sector contracts and 50,000 staff, Capita expects that the bill will be as high as £20 million.
“Capita expects to incur exceptional costs of approximately £15 million to £20 million associated with the cyber incident, comprising specialist professional fees, recovery and remediation costs and investment to reinforce Capita’s cyber security environment,” the company said in a statement on its website.
“Capita has also taken further steps to ensure the integrity, safety and security of its IT infrastructure to underpin its ongoing client service commitments.”
Black Basta claimed responsibility for the attack and has listed sensitive information on its leak site.
Data includes phone numbers, home addresses, the details of over 100 bank accounts and the personal data of teachers applying for jobs at schools.
Black Basta said that the listed information is just a sample of what it stole; however, the data is yet to be verified by Capita.
Be the first to hear the latest developments in the cyber industry.
