8,000 claimants sue Capita over 2023 data breach
LONDON, UNITED KINGDOM — Nearly 8,000 claimants joined a lawsuit against outsourcing giant Capita following a significant data breach in March 2023.
The breach, attributed to the Black Basta ransomware group, sparked widespread criticism over Capita’s handling of the incident.
Barings Law leads largest case vs. Capita
Manchester-based Barings Law is spearheading the legal action, marking it as the largest case against Capita worldwide.
Adnan Malik, Head of Data Breach at Barings Law, emphasized the scale of the lawsuit, stating, “We’re expecting our application with the High Court to be presented next year due to several delays in the justice system.”
Despite the breach occurring 18 months ago, interest in the case continues to grow. Malik noted that new claimants are signing up daily, indicating ongoing concern and dissatisfaction with Capita’s response.
Delayed notifications spark outrage
The breach initially occurred on or around March 22, 2023, and was contained by March 31. However, Capita reported “limited data exfiltration” from compromised servers a month later. The delay in notifying affected parties has been a significant point of contention.
The Universities Superannuation Scheme (USS), managing £82 billion ($109 billion) for its 500,000 members, promptly informed its members in May 2023 that their data was compromised.
In contrast, Barings Law highlighted instances where individuals were notified more than a year after the attack. Malik expressed concern over delayed notifications, citing cases where sensitive personal information was exposed.
Impact on pension schemes and ongoing partnerships
One claimant, a mining veteran from Yorkshire, learned about the breach through media reports three months before receiving official notification from his pension provider and Capita. This delay has fueled criticism of Capita’s communication strategy post-breach.
In response to the breach, some pension schemes have taken action. The Mineworkers’ Pension Scheme announced that Brightwell would replace Capita as its administrator by January 2025. However, other schemes like the Royal Mail Statutory Pension Scheme continue their partnership with Capita under a renewed contract worth £48 million ($63 million) over eight years.
Capita has refrained from commenting on ongoing legal proceedings when approached by Infosecurity. As the case progresses, it remains to be seen how this legal battle will unfold and what implications it may have for data security practices within large corporations.