The Financial Conduct Authority (FCA) has continued to engage with Capita following a recent cyber incident, with work underway to understand the extent of any data compromise and impact on the firms they provide outsource services to.

Capita previously confirmed in April 2023 that it had experienced a cyber incident and that there was evidence of “limited data exfiltration from the small proportion of affected service estate which might include some customer, supplier or colleague data”.

The Pensions Regulator (TPR) later revealed that it had written to pension schemes that use Capita as their administrator following a cyber incident at the company, asking trustees to speak to Capita as to whether there was a risk to scheme data.

Following the cyber incident, the FCA also emphasised that minimising the impact of operational disruption is one of the commitments in its strategy, reiterating that it expects firms to ensure cyber incidents are handled “efficiently and effectively” to reduce consumer and market harm.

The FCA also confirmed that it has been coordinating with other relevant authorities, including the ICO, on the incident.

An FCA spokesperson stated: “We have continued to engage with Capita since their cyber incident was reported to understand the extent of any data compromise and impact on the firms they provide outsource services to including their underlying customers.

“We have also written to FCA regulated firms that are clients of Capita to ensure they are fully engaged in understanding the extent of any data compromise and their responsibilities as Data Controllers to notify regulatory bodies including the Information Commissioner’s Office (ICO), as well as impacted consumers.”

A Capita spokesperson said: “Since 31 March, we have been in regular contact with trustees and regulators, and we will keep them updated as our investigation into the cyber incident progresses."

Share Story: