Capita admits possible compromise of customer data during cyberattack

Written by Sam Trendall on 20 April 2023 in News

Attackers had unauthorised access for nine days, outsourcing firm announces

Major government supplier Capita has announced that customer data may have been stolen during a cyberattack in which intruders had access to the outsourcing firm’s systems for nine days.

In an update published today, the IT and services company said that it believes attackers gained “unauthorised access on or around 22 March”. 

This access was not “interrupted” until 31 March, during which time an estimated 4% of Capita’s servers were impacted, a figure which the company claimed demonstrated that “the incident was significantly restricted” by its interruption.

The outsourcer added, however, that there are indications that some data was extracted from its systems – potentially including information on public-sector customers.

“There is currently some evidence of limited data exfiltration from the small proportion of affected server estate which might include customer, supplier or colleague data,” the update said. “Capita continues to work through its forensic investigations and will inform any customers, suppliers or colleagues that are impacted in a timely manner.”

The company said that the primary impact of the incident was a restriction of employees’ internal access to Microsoft Office 365 applications – although some client services were disrupted, a small number of which may still be feeling the after-effects, today’s announcement suggested.

“Since the incident, Capita and its technical partners have restored Capita colleagues’ access to Microsoft Office 365,” it said. “The majority of Capita’s client services were not impacted by the incident and remained in operation, and Capita has now restored virtually all client services that were impacted.”

The statement added: “In parallel with the services restoration activity, Capita has continued to work closely and at speed with specialist advisers and forensic experts in investigating the incident to provide assurance around any potential customer, supplier or colleague data exfiltration.”

The update concluded that “Capita continues to comply with all relevant regulatory obligations” in relation to the incident, which was publicly announced on 3 April – the Monday after the attack had been interrupted on Friday 31 March.

The outsourcing outfit is one of the public sector’s biggest technology providers, holding billions of pounds of government contracts, and featuring on the Crown Commercial Service’s list of strategic suppliers – which contains 40 of Whitehall’s most significant commercial partners.

Shortly after the Capita attack was first revealed, the government said that it believed there had been “minimal impact on government departments” and that it was “in regular contact with the company” for further updates.

Following the announcement of possible theft of customer data during the incident, PublicTechnology contacted the Cabinet Office, which issued a statement near-identical to the one it gave several weeks ago.

"We are aware of the cyber incident which affected Capita and are in regular contact with the company," a government spokesperson said. "The issue primarily affected internal processes with minimal impact on government services." 


Capita’s largest public-sector engagements include a contract to carry out health and disability assessments on behalf of the Department for Work and Pensions. The deal was initially signed 11 years ago and was most recently extended until 31 July of this year, an extension that takes the contract’s total value to more than £550m.

Other major deals held by the firm include a £107m contract with the Department for Education to support the provision of national curriculum tests and a £45m three-year deal to provide training services to military personnel, as well as a large number of smaller deals with customers across the public sector, including various local authorities and NHS organisations.

