Come clean on staff exposure to cyber attack data breach, Capita told

Telecoms & Financial Services, Capita

Clarifications over the extent to which Capita members’ personal details were compromised by March’s cyber attack on the company are being urgently sought by the CWU amid growing unease as to the nature and scale of the threat the security breach could pose to employees.

Despite initial assurances by management that the criminal hacking  was “limited to the Capita network” and that there was “no evidence of colleague, client or customer data having been compromised,” media speculation has been steadily mounting over the past few months that the breach may have been more serious than originally thought.

Back in April Capita CEO Jon Lewis revealed that “there is now some evidence of a limited amount of data leaving the business from a small proportion of our servers.”

“Investigations are ongoing,” the CEO continued, but this might include colleague data.”

That statement – along with the company’s separate public confirmation that a “limited” data breach “might include customer, supplier or colleague data” – coincided with the Government’s confirmation that the National Cyber Security Centre was issuing an “official threat notice” to operators of critical national infrastructure amid concerns about a growing cyber threat, particularly from Russia.

Accordingly the CWU issued an urgent demand for clarity from Capita as the extent to which employees should be concerned about the security of sensitive personal information held on the company’s systems.

Writing to the company’s chief operating officer Paul Stanfield on behalf of the union’s entire Capita membership across the Capita O2 & Tesco Mobile Partnerships and TV Licensing on Monday April 24, CWU national officer Tracey Fussey pointed out that the possible breach of ‘colleague data’ had “naturally created a plethora of questions” for members – as well as triggering a number of media enquiries for the union.

While that approach did at least initiate a dialogue of sorts, CWU dismay at the company’s continuingly opaque and tight-lipped response to legitimate employee concerns has been steadily mounting – reaching new heights late last week when, without any forewarning, it emerged that company that processes employee data on behalf of the Capita pension scheme has confirmed a personal data breach has indeed occurred.

In a special joint statement issued to Capita members by the CWU  last week, both Tracey Fussey and acting deputy general secretary (Postal) Andy Furey hit out at the company’s continuing failure to keep the CWU properly informed on matters that have a clear and urgent relevance to the union’s Capita membership.

“The CWU is disappointed that, even though we have been in correspondence with Capita regarding the data breach in March 2023, and have from that point been in dialogue seeking clarification as to any employee data breach, they have failed to notify us of the detail,” the joint statement reads.

“We are currently in the process of seeking an urgent meeting with Capita to discuss the breach and consequent impact upon our members and will keep members updated accordingly.

“This is naturally causing considerable concern and worry for our members, who are keen to understand what has been compromised and what steps to now take.”

Speaking to CWU News, Tracey concludes: “These aren’t unreasonable questions to ask – not least because an understanding of what type of personal information may be in the hands of the hackers would help individuals understand where they may be vulnerable and what they need to be extra vigilant about to mitigate any risk.

“Capita owes it to its employees to answer these questions as soon as is humanly possible – and members can rest assured that CWU will keep up the pressure until it does.”

  • Meanwhile, the CWU’s Legal Services Department, in partnership with Keller Postman UK Solicitors, is offering assistance to members with regards to claims for compensation relating to losses sustained as a result of data breaches or cyber-crime.

Contact details for the Keller Postman team can be found in this informative PDF information sheet, as well as further details pertaining to the Capita breaches and advice on how to deal with them if you are impacted.

Email and telephone contact details are provided for anyone with pressing questions that are not answered in the PDF.

If members receive notification that they are affected by a Capita data breach, they can register to receive updates on the investigation into the breach and submit a no-win, no-fee data breach compensation claim.

Members are also advised to contact their local branch with any enquiries.