- A record breaking fine has been given to Capita by the ICO
- The £14 million penalty follows a data breach that saw financial information exposed
- UK institutions have been targeted in a string of high profile ransomware attacks
A £14 million fine ($18.7 million) has been doled out to Capita, the UK’s largest outsourcing, consulting, and digital services business due to security failings – the largest fine ever issued by the Information Commissioners Officer (ICO).
The record-breaking fine follows a data breach that saw over 6 million people’s information compromised in a ransomware attack back in 2023. British organisations are facing scrutiny after a string of high profile ransomware attacks, creating victims of M&S, Harrods, and Jaguar Land Rover to name a few.
“With so many cyber attacks in the headlines, our message is clear: every organisation, no matter how large, must take proactive steps to keep people’s data secure,” said John Edwards, UK Information Commissioner.
Inadequate safety
Personal information was compromised in the breach, including names, dates of birth, and addresses – along with financial information like card numbers and CVVs. This not only leaves those impacted at risk of identity theft but also of credit card fraud and theft.
Capita was found to have failed in implementing adequate safety measures to prevent privilege escalation along with unauthorised lateral movement through its networks – and the firm was not efficient enough in its response to security alerts.
“Capita failed in its duty to protect the data entrusted to it by millions of people. The scale of this breach and its impact could have been prevented had sufficient security measures been in place,” Edwards continued.
Capita initially reported that there was ‘no evidence of customer, supplier or colleague data having been compromised’. However, it was later revealed that the firm and its pensions subsidiary had data exposed in the incident, pertaining to Capita staff, customers, and partnering organisations.
The fine is a voluntary settlement and is a significant reduction on the initial proposed penalty form the regulator, which was a gigantic £45 million ($60 million).
Via:The Record
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You might also like
- Take a look at our picks for the best malware removal software around
- Check out our choice for best antivirus software
- Attackers claim they hacked Nissan’s design studio and stole 4TB of data
