The UK’s data watchdog has fined outsourcing firm Capita £14m after the personal data of 6.6 million people was stolen in a cyber-attack.
The Information Commissioner’s Office (ICO) said Capita “failed to ensure the security of processing of personal data which left it at significant risk”.
The fine was initially set at £45m but was reduced after discussions between Capita and the watchdog.
Capita’s boss Adolfo Hernandez said the firm was “happy to have concluded this matter and reached today’s settlement”.
He said the company had “massively strengthened” its cyber-security resilience and was vigilant.
Capita provides professional and outsourcing services in a number of different fields for the private and public sectors.
It made £2.4bn in revenue last year, according to its latest annual report.
After the hack in March 2023, it emerged Capita had left a pool of data unsecured online.
Information apparently containing Capita data – including home addresses and passport images – began to circulate on the dark web.
The ICO said financial data had been stolen, and in some cases details of criminal records had been hacked.
Capita also manages administration for more than 600 pension schemes, and 325 of them were affected.
“Capita failed in its duty to protect the data entrusted to it by millions of people,” said Information Commissioner John Edwards.
“The scale of this breach and its impact could have been prevented had sufficient security measures been in place.”
The proposed £45m fine was brought down to £14m after Capita argued it had made improvements to its cyber-security, offered support for people affected and engaged with other regulators and the National Cyber Security Centre (NCSC).
“Companies being held financially accountable for data security failings is a good thing,” said Trevor Dearing from cyber-security company Illumio.
“It sends a message to the market that regulators are serious and tells victims that their stolen data does matter.”
Earlier this year, retailer Co-op was hit by a hack where the details of all of its roughly 6.5m customers were stolen.
This came among other high-profile cyber-attacks on M&S, Harrods and Jaguar Land Rover.
On Tuesday, the NCSC confirmed there had been a rise in nationally significant attacks this year.
It came as the government wrote to bosses across the country advising them to have their contingency plans written down on paper, in case they lose access to their computer systems in a hack.