Provider of business process services Capita plc (LON:CPI) today provided an update on the cyber incident that occurred in March 2023.
In March 2023, a threat actor gained unauthorised access to certain of Capita’s systems which caused disruption to client services in some parts of Capita’s business.
Based on the forensic work performed, Capita confirmed that some data had been exfiltrated during the incident. Consequently, the company took extensive steps in the immediate period after the incident to recover and secure the exfiltrated data. Capita continues to monitor the dark web and can confirm that it has seen no evidence, subsequent to its recovery activities, that any of the exfiltrated data is in circulation there or elsewhere in the online environment.
As a precautionary measure, Capita offered a 12 month subscription to Identity Plus, a monitoring service provided by UK credit reference agency Experian.
The investigation is now complete and all affected clients, suppliers and employees are in the process of being contacted and Capita continues to support those whose data was exfiltrated.
As a result of the incident, Capita incurred net costs of £25m, comprising specialist professional fees, recovery and remediation costs and investment to reinforce Capita’s cyber security environment.
Capita commented:
“The incident was a challenging experience for the Group, and we have taken steps to share our experience and learnings transparently with our clients, suppliers and other companies and plan to continue this good practice in the future. Since the incident we have continued to see good contract growth momentum with a 17% increase in TCV secured in 2023”.