
- A huge £45 million penalty was handed to Capita, but this was reduced to £14 million in a voluntary settlement
- The penalty follows a data breach that saw financial information exposed
- UK institutions have been targeted in a string of high profile ransomware attacks
A £14 million fine ($18.7 million) has been doled out to Capita, the UK’s largest outsourcing, consulting, and digital services business, due to security failings - this is one of the largest fines ever issued by the Information Commissioner's Office (ICO).
The fine follows a data breach that saw over 6 million people’s information compromised in a ransomware attack back in 2023. British organisations are facing scrutiny after a string of high profile ransomware attacks, with M&S, Harrods, and Jaguar Land Rover among the victims, to name a few.
"With so many cyber attacks in the headlines, our message is clear: every organisation, no matter how large, must take proactive steps to keep people's data secure," said John Edwards, UK Information Commissioner.
Inadequate safety
Personal information was compromised in the breach, including names, dates of birth, and addresses - along with financial information like card numbers and CVVs. This not only leaves those impacted at risk of identity theft but also of credit card fraud and theft.
Capita was found to have failed in implementing adequate safety measures to prevent privilege escalation along with unauthorized lateral movement through its networks - and the firm was not efficient enough in its response to security alerts.
“Capita failed in its duty to protect the data entrusted to it by millions of people. The scale of this breach and its impact could have been prevented had sufficient security measures been in place,” Edwards continued.
Capita initially reported that there was ‘no evidence of customer, supplier or colleague data having been compromised’. However, it was later revealed that the firm and its pensions subsidiary had data exposed in the incident, pertaining to Capita staff, customers, and partnering organizations.
The fine is a voluntary settlement and is a significant reduction on the initial proposed penalty from the regulator, which was a gigantic £45 million ($60 million).
Capita CEO Adolfo Hernandez released this statement following the penalty:
“When I joined as CEO the year after the attack I accelerated our cyber security transformation, with new digital and technology leadership and significant investment. As a result, we have hugely strengthened our cybersecurity posture, built in advanced protections and embedded a culture of continuous vigilance.”
“Following an extended period of dialogue with the ICO over the last two years, we are pleased to have concluded this matter and reach today’s settlement. The Capita team continues to focus tirelessly on our Group transformation journey for the benefit of our customers, our people and wider society.”
Via: The Record