finance

Cyber-attack to cost outsourcing firm Capita up to £25m


Capita expects to take a financial hit of as much as £25m as a result of a cyber-attack that began in March, pushing the outsourcing group to a pre-tax loss of almost £68m for the first half of the year.

The group is still recovering from the attack by the Black Basta ransomware group, which hacked its Microsoft Office 365 software and accessed the personal data of staff working for the company and dozens of clients.

Capita confirmed on Friday that “some data was exfiltrated” from its IT systems but added that this was less than 0.1% of its server estate.

The company added: “That data has been recovered and extensive steps have been taken to secure the data. Impacted customers, suppliers and employees have now been contacted and we are supporting those whose data was exfiltrated.”

It said it was close to completing its investigation into the incident, and said it had learned a lot from the experience.

Capita, which runs crucial services for local councils, the military and the NHS, estimated that the financial costs associated with what it called the “cyber incident” would be between £20m and £25m. Previous estimates had put the cost at £15m to £20m.

The group said this new figure reflected the complexities of analysing the “exfiltrated” data, as well as costs of recovery and remediation and new investment to improve its cybersecurity.

However, Capita said it was not currently able to estimate the level of any potential fine related to the incident, and had not yet made any provision to cover any future costs.

Readers Also Like:  I won £17,500 after my boss sacked me – they advertised to replace me before I’d even gone

The company’s shares fell by more than 12% in morning trading on Friday after the release of its results, making it the biggest faller on the FTSE 250.

After the cyber-attack, about 90 organisations reported breaches of personal information held by Capita to Britain’s data watchdog, the Information Commissioner’s Office.

Capita’s systems are used to administer pension funds for several large firms, including Royal Mail and Axa, covering millions of policyholders, prompting the Pensions Regulator to write to more than 300 pension funds to ask them to check whether data had been stolen by hackers.

skip past newsletter promotion

Capita reported a pre-tax loss of £67.9m in the six months to the end of June, compared with a profit of £100,000 a year earlier, which it said related to costs associated with the cyber-attack, as well as those stemming from exiting some businesses and a goodwill impairment.

The results came only days after the company said its chief executive, Jon Lewis, would step down by the end of the year, making way for Adolfo Hernandez, the vice-president of telecommunications at Amazon Web Services.

Capita said that Lewis was not paying the price of the cyber-attack but had instead delayed his retirement to lead its response to the crisis.



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.