TPR writes to schemes following cyber incident at Capita

The Pensions Regulator (TPR) has written to pension schemes that use Capita as their administrator following a cyber incident at the company at the end of March.

In April 2023, Capita issued a statement confirming that it had experienced a cyber incident and that there was evidence of “limited data exfiltration from the small proportion of affected service estate which might include some customer, supplier or colleague data”.

The firm stated that it is continuing its investigations and would inform any customers, suppliers or colleagues that were impacted.

Following the incident, TPR wrote to pension schemes using Capita for administration services, asking trustees to inform TPR of the steps they have taken to make sure that members' data is protected.

The regulator also asked trustees to speak to Capita as to whether there was a risk to scheme data and reiterated the importance of having robust cyber security measures in place.

Commenting on the regulator’s communications with schemes, a TPR spokesperson said: “We take IT security and the risk of cyber attacks extremely seriously. That’s why we have issued guidance for trustees.

“In light of the cyber incident directed at Capita, we have asked trustees of schemes which employ Capita as their administrator to speak with the company to understand more about the situation and to help determine whether there is a risk to their scheme’s data.

“If a trustee establishes that their scheme has suffered a data loss, they have a duty to notify TPR, other authorities and impacted individuals.

“Our communication requires trustees to read TPR’s and the ICO guidance on cyber and IT security, and to make sure they are familiar with their responsibilities.

“We are also asking schemes to report to us what steps they have taken to ensure their obligations as data controller have been met.”

A Capita spokesperson said: “Since 31 March, we have been in regular contact with trustees and regulators, and we will keep them updated as our investigation into the cyber incident progresses.”

    Share Story:

Recent Stories


A time for fixed income
Francesca Fabrizi discusses fixed income trends and opportunities with Goldman Sachs Asset Management Head of UK Pensions Solutions, Fixed Income Portfolio Management, Henry Hughes, in our Pensions Age video interview

Purposeful run-on
Laura Blows discusses purposeful run-on for DB schemes with Isio director, actuarial and consulting, Matt Brown, in Pensions Age’s latest video interview
Find out more about Purposeful Run On

Keeping on track
In the latest Pensions Age podcast, Sophie Smith talks to Pensions Dashboards Programme (PDP) principal, Chris Curry, about the latest pensions dashboards developments, and the work still needed to stay on track
Building investments in a DC world
In the latest Pensions Age podcast, Sophie Smith talks to USS Investment Management’s head of investment product management, Naomi Clark, about the USS’ DC investments and its journey into private markets

Advertisement