Capita Warns Buyer Information Could Have Been Stolen in Cyber Assault

Capita Plc, one of many UK’s largest outsourcing corporations, stated that buyer knowledge could have been stolen throughout a current cyberattack.

There’s “at present some proof of restricted knowledge exfiltration from the small proportion of affected server property which could embrace buyer, provider or colleague knowledge,” the corporate stated in an announcement Thursday.

The hack began “on or round” March 22, it added, and was interrupted by Capita on March 31.

Capita is an important supplier of IT to the Nationwide Well being Service and likewise helps to implement the BBC license price. The assault blocked inner Microsoft Workplace 365 functions and disrupted some purchasers, Capita stated earlier this month.

“The vast majority of Capita’s shopper providers weren’t impacted by the incident and remained in operation, and Capita has now restored just about all shopper providers that had been impacted,” the corporate stated.

Ransomware

Earlier in April, a Russian-speaking felony hacking group often called Black Basta claimed duty for breaching Capita’s techniques.

On its web site, Black Basta posted copies of passports, addresses and checking account particulars that it stated it had stolen from Capita’s computer systems. Capita has not confirmed the authenticity of the documentation and has stated it’s investigating the matter.

Black Basta usually breaks into computer systems earlier than utilizing ransomware, a sort of malicious software program, to lock the computer systems in order that they can’t be used. The gang then calls for fee in cryptocurrency to unlock the computer systems, whereas concurrently threatening to publish stolen knowledge if not paid.

In accordance with the cybersecurity agency Pattern Micro, Black Basta was first recognized in April 2022 and the majority of its victims had been final yr positioned in North America. The group has focused organizations throughout a spread of sectors, together with building, skilled providers, style, transportation and finance.

Servers at a knowledge middle of VK Firm Ltd, in Moscow, Russia, January 19, 2022. Picture credit score: Andrey Rudakov/Bloomberg

Copyright 2023 Bloomberg.

Subjects
Cyber
Fraud