The UK’s information watchdog has fined outsourcing firm Capita £14m after the personal information of 6.6 million people was stolen in a cyber-attack.
The Information Commissioner’s Office (ICO) said Capita “failed to make sure the safety of processing of non-public information which left it at vital danger”.
The fine was initially set at £45m but was reduced after discussions between Capita and the watchdog.
Capita’s boss Adolfo Hernandez said the firm was “happy to have concluded this matter and reached today’s settlement”.
He said the company had “massively strengthened” its cyber-security resilience and was vigilant.
Capita provides professional and outsourcing services in a number of different fields for the private and public sectors.
It made £2.4bn in revenue last year, according to its latest annual report.
After the hack in March 2023, it emerged Capita had left a pool of data unsecured online.
Data apparently containing Capita information – including home addresses and passport images – began to circulate on the dark web.
The ICO said financial data had been stolen, and in some cases details of criminal records had been hacked.
Capita also manages administration for more than 600 pension schemes, and 325 of them were affected.
“Capita failed in its responsibility to guard the information entrusted to it by tens of millions of individuals,” said Information Commissioner John Edwards.
“The size of this breach and its influence might have been prevented had enough safety measures been in place.”
The proposed £45m fine was reduced to £14m after Capita argued it had made improvements to its cyber-security, offered support for people affected and engaged with other regulators and the National Cyber Security Centre (NCSC).
“Corporations being held financially accountable for information safety failings is an effective factor,” said Trevor Dearing from cyber-security firm Illumio.
“It sends a message to the market that regulators are critical and tells victims that their stolen information does matter.”
Earlier this year, retailer Co-op was hit by a hack in which the details of all of its roughly 6.5m customers were stolen.
This came amid other high-profile cyber-attacks on M&S, Harrods and Jaguar Land Rover.
On Tuesday, the NCSC confirmed there had been a rise in nationally significant attacks this year.
It came as the government wrote to bosses across the country advising them to have their contingency plans written down on paper, in case they lose access to their computer systems in a hack.

