All posts tagged: Capita

Hacked pupil records at Capita rise to more than 50k

Hacked pupil records at Capita rise to more than 50k

A full investigation reveals more pupil records have been impacted than initially thought A full investigation reveals more pupil records have been impacted than initially thought More from this theme Recent articles Up to 20,000 more pupils’ data may have been stolen in a cyber-attack on the government outsourcer Capita. Schools Week previously revealed how 30,000 pupil personal data records were thought to have been taken when hackers targeted the company last year. Ninety organisations had reported breaches of personal data held by Capita, which runs primary school SATs for the Standards and Testing Agency (STA). However, in a freedom of information response, the Department for Education has revealed that after a full investigation, 50,780 pupil records were “affected”. This included names, dates of birth, unique pupil number, type of test taken and the schools’ DfE number.  This new figure “may have included duplicates”, the department said, so it was “unable to accurately determine the unique number of pupils that had their personal data compromised”.  The government refused to release the full investigation report as …

Capita loses £180m SATs contract to exam board Pearson

Capita loses £180m SATs contract to exam board Pearson

Schools faced ‘significant frustration’ during outsourcer’s first year, with thousands of papers going missing and wrong marks awarded Schools faced ‘significant frustration’ during outsourcer’s first year, with thousands of papers going missing and wrong marks awarded More from this theme Recent articles Outsourcing giant Capita will no longer manage SATs tests after exam board Pearson won the contract worth up to £180m. A government review had found Capita’s first year overseeing the tests, in 2022, caused “significant frustration and inconvenience” to schools. Exams regulator Ofqual had to step in after thousands of tests went missing, wrong marks were awarded and the helpline went into meltdown. But in correspondence sent to schools today, seen by Schools Week, the Standards and Testing Agency said Pearson has been selected as the preferred supplier from September 2025. A previous tender document said the contract could be worth up to £180 million over seven years. Capital will still manage this year and next year’s SATs. The STA said “all parties concerned will work hard to make this a positive experience …

‘It’s sad’: is the UK real living wage under threat as Capita and BrewDog pull out? | Business

‘It’s sad’: is the UK real living wage under threat as Capita and BrewDog pull out? | Business

The outsourcing company Capita has become the second high-profile business to inform employees it would be dropping its commitment to the real living wage. The independently calculated rate, born out of a grassroots campaign to improve the lives of the UK’s poorest citizens, is meant to ensure the lowest-paid can afford the basic necessities of a decent life. But after two years of 10% increases, as inflation ripped through the economy, Capita has joined the brewer and bar operator BrewDog in telling staff it could no longer afford to pay the real living wage, which increased to £12 an hour. Unions fear more companies may be preparing to follow. At Capita, the Communications Workers Union (CWU), which represents many of the staff – who work on contracts for a range of customers including Virgin Media and Tesco Mobile – is consulting its members about the next steps. Tracey Fossey of the CWU said: “It’s sad: these are the lowest earners and it makes a big difference to them. Capita are saying that they can’t continue …

MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023

MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023

This year, 2023, was a hell of a year for data breaches, much like the year before it (and the year before that, etc.). Over the past 12 months, we’ve seen hackers ramp up their exploitation of bugs in popular file-transfer tools to compromise thousands of organizations; ransomware gangs adopt aggressive new tactics aimed at extorting their victims; and attackers continue to target under-resourced organizations, such as hospitals, to exfiltrate highly sensitive data, like patients’ healthcare information and insurance details. In fact, according to October data from the U.S. Department of Health and Human Services (HHS), healthcare breaches affected more than 88 million individuals, up by 60% compared to last year. And that doesn’t even account for the last two months of the year. We’ve rounded up the most devastating data breaches of 2023. Here’s hoping we don’t have to update this list before the year is out… Fortra GoAnywhere Just weeks into 2023, hackers exploited a zero-day vulnerability affecting Fortra’s GoAnywhere managed file-transfer software, allowing the mass hacking of more than 130 companies. This …

Capita breach fallout widens as customers learn of data theft

Capita breach fallout widens as customers learn of data theft

The fallout from Capita’s cyber incident continues as customers say the British outsourcing giant has told them to assume that data was stolen by hackers. The Universities Superannuation Scheme (USS), the U.K.’s largest private pension provider, said on Friday that the personal details of almost half a million members were held on servers accessed during the recent breach. The USS, which uses Capita’s online pensions administration system Hartlink, said Capita informed it on May 11 that the personal details of 470,000 active, deferred and retired members had potentially been accessed. This data included members’ names, dates of birth, National Insurance numbers, and USS member numbers. “While Capita cannot currently confirm if this data was definitively ‘exfiltrated’ (i.e., accessed and/or copied) by the hackers, they recommend we work on the assumption it was,” USS said in a statement. “We are awaiting receipt of the specific data from Capita, which we will in turn need to check and process.” USS said it will contact affected members (and their employers, if applicable) as soon as possible to apologize …

Security researcher finds trove of Capita data exposed online

Security researcher finds trove of Capita data exposed online

London-based outsourcing giant Capita left a trove of data exposed online for 7 years, TechCrunch has learned, just weeks after the company admitted to a data breach potentially impacting customer data.  Requesting anonymity, a security researcher alerted TechCrunch to an unprotected Amazon-hosted storage bucket, which was secured by Capita last week.  The AWS bucket, which the researcher said had been exposed to the internet since 2016, contained approximately 3,000 files totaling 655GB in size. There was no password on the bucket, allowing anyone who knew the easy-to-guess web address access to the files. Details of the exposed cloud server were also captured by GrayHatWarfare, a searchable database that indexes publicly visible cloud storage. The exposed data included software files, server images, and numerous Excel spreadsheets, PowerPoint presentations and text files, according to a sample of filenames reviewed by TechCrunch. One of text files contained login details for one of Capita’s systems, the security researcher told TechCrunch, and some filenames that suggested data was being uploaded to the exposed bucket as recently as this year. It’s …

Outsourcing giant Capita fears customer data stolen during ransomware attack

Outsourcing giant Capita fears customer data stolen during ransomware attack

Capita, the British outsourcing company that provides critical services for the U.K. government, says hackers may have accessed customer data during a cyberattack last month. The London-based outsourcing giant, whose customers include the NHS, the U.K. military, and the Department for Work and Pensions, said in a statement on Thursday that its investigation into the March attack unearthed evidence of “limited data exfiltration” which “might include customer, supplier or colleague data.” Capita hasn’t said how many customers have been affected or what types of data were accessed. Russ Lynch, an agency spokesperson representing Capita, told TechCrunch the company would not comment beyond its statement. However, a Sunday Times report claimed that the Russian-speaking Black Basta ransomware group, which claimed responsibility for the attack, published personal bank account details, passport photos and addresses, along with personal data belonging to teachers’ applying for jobs at schools. The gang is also believed to be responsible for the recent attack on U.S. satellite television provider Dish. At the time of writing, Capita is not listed on Black Basta’s dark …