UK ICO Imposes £14 Million Penalty on Capita Following Data Breach

On October 15, 2025, the UK Information Commissioner’s Office (ICO) announced a significant fine of £14 million against Capita due to severe lapses in data security following a major data breach. The penalty is divided between Capita plc, which faces an £8 million fine, and Capita Pension Solutions Limited, which is fined £6 million. This action underscores the serious implications of inadequate cybersecurity measures in handling personal data.
The breach, which occurred in March 2023, resulted in unauthorized access to the personal data of approximately 6.6 million individuals. The compromised information included sensitive details such as pension records, employee information, and customer data from various organizations supported by Capita. For a subset of those affected, the breach also involved particularly sensitive personal information, including financial data, criminal records, and special category data.
Details of the Cybersecurity Incident
The incident began when a malicious file was inadvertently downloaded onto an employee’s device on March 22, 2023. Despite a high-priority security alert being triggered within 10 minutes of the download, the affected device remained unquarantined for an alarming 58 hours. This delay significantly exceeded Capita’s targeted response time of one hour, allowing the cyber attacker to exploit the company’s systems, gain administrator privileges, and access extensive parts of the network. Ultimately, the attacker exfiltrated nearly one terabyte of data before deploying ransomware that locked Capita personnel out of their own systems.
An investigation by the ICO revealed multiple areas of concern regarding Capita’s security protocols. One major issue was the lack of a tiered approach to administrative accounts, which enabled the attacker to move laterally across different systems and domains. This vulnerability had previously been identified but had not been adequately addressed. Additionally, the delayed incident response was attributed to understaffing within Capita’s Security Operations Centre, which hindered timely action against the threat.
Regulatory Response and Future Implications
The ICO’s initial proposal for a fine was £45 million, reflecting the gravity of the breach. However, after Capita presented mitigating factors—including improvements made to their security measures following the incident, support for affected individuals through 12 months of credit monitoring, and cooperation with regulatory authorities—the fine was reduced to £14 million. Capita has accepted responsibility and agreed to pay the penalty without pursuing an appeal.
The incident serves as a stark reminder of the critical importance of robust cybersecurity measures, especially for organizations that manage vast amounts of sensitive personal data. The ICO’s actions not only highlight Capita’s failures but also emphasize the broader responsibility organizations have in protecting the personal data of their clients and employees. As cybersecurity threats continue to evolve, companies must prioritize investments in security protocols to safeguard against potential breaches.