The UK ICO fined Capita £14 million for a data breach that compromised the personal data of 6.6 million individuals, including clients and pension providers. The breach resulted from a cyberattack by the Black Basta gang, highlighting weaknesses in Capita’s cybersecurity practices. #BlackBasta #Capita
Key points
- Capita was fined for failing to adequately secure sensitive data and respond promptly to cyber threats.
- The cyberattack involved unauthorized access to 4% of Capita’s internal network over 58 hours.
- Hackers exfiltrated nearly one terabyte of data before deploying ransomware and resetting passwords.
- Weak access controls, delayed threat detection, and insufficient risk management contributed to the breach.
- Capita has since committed to strengthening its cybersecurity measures despite the fine.