The Record reports:
Capita, the United Kingdom’s largest outsourcing company, was on Wednesday fined £14 million ($18.7 million) over security failings that saw attackers compromise the personal information of 6.6 million people in a ransomware attack in 2023.
The voluntary settlement is for less than a third of the £45 million ($60 million) Britain’s data protection regulator had initially intended to impose, but remains the largest fine the Information Commissioner’s Office (ICO) has ever issued in a ransomware case.
Despite Capita initially stating there was “no evidence of customer, supplier or colleague data having been compromised,” the company and its pensions subsidiary were found to have exposed data about the pensions it handles, Capita’s own staff and customers from other organizations Capita supports.
[…]
The attack was ultimately claimed by the Black Basta ransomware group, which posted what it alleged were documents stolen from Capita’s internal systems. The listing subsequently disappeared from Black Basta’s extortion site, a move that often indicates an extortion fee has been paid or is being negotiated. Capita has not commented on whether it made such a payment.
Read more at The Record.
