The chief executive of outsourcing firm Capita is to step down as the company reels from a cyber-attack that could result in a hefty fine from the UK’s information and privacy regulator.
Capita said Jon Lewis would step down by the end of the year, making way for Adolfo Hernandez, the vice-president of telecommunications at Amazon Web Services.
The handover was announced with Capita still recovering from the impact of an attack by the Black Basta ransomware group, which hacked the company’s Office 365 software and accessed the personal data of staff working for the company and dozens of clients.
Capita said Lewis was not paying the price for Capita’s vulnerability to the cyber-attack that began in March but had instead delayed his retirement to lead its response to the crisis.
The Information Commissioner’s Office (ICO) has the power to levy penalties on companies that fail to keep people’s private data safe and has issued significant fines in the past. In 2020 it fined British Airways £183m before reducing the penalty to £20m, citing mitigating factors such as the company’s parlous financial position amid the pandemic.
About 90 organisations have said that their data was breached in the attack on Capita, which runs crucial services including pension schemes for local councils, the military and the NHS. Among the victims of the hack were the London boroughs of Barnet and Barking and Dagenham, and South Oxfordshire council.
Capita, which also handles the licence fee for the BBC, has said it expected the incident to cost it between £15m and £20m, covering specialist professional fees, recovery and remediation costs, as well as investment to reinforce its cybersecurity defences and strengthen its IT security.
The estimated sum is not thought to take into account a potential fine from the ICO. Capita has also not disclosed whether it paid a ransom to the hackers, who typically seek to extort money from companies from which they have stolen data.
Capita said Lewis had informed the board that he was considering retirement last year, after trying to revive the business since his appointment in 2017.
after newsletter promotion
The company’s chairman, David Lowden, said he wanted “to pay particular tribute to [Lewis’s] leadership in recent months, during which he decided to delay his possible retirement from Capita due to the cyber incident we experienced in March”.
Capita is due to announce its half-year results on Friday and said that trading for the first six months of the year had been in line with company expectations, despite the impact of the cyber-attack.
