The Universities Superannuation Scheme (USS) has revealed that the personal details of around 470,000 active, deferred and retired members may have been accessed during the recent Capita cyber incident.
The scheme previously revealed that it used Capita’s technology platform, Hartlink, to support its in-house pension administration processes, after Capita confirmed in April 2023 that it had experienced a cyber incident.
Following this, the USS today (12 May) confirmed that whilst member data held on Hartlink has not been compromised, details of USS members were held on the Capita servers accessed by the hackers.
The information potentially accessed includes member title, initial(s), name, date of birth, their national insurance number and their USS member number.
The USS stated that Capita cannot currently confirm if this data was definitively “exfiltrated” by the hackers, although they recommend that the scheme trustees work on the assumption it was.
Given this, the trustee confirmed that it will be writing to each of the members affected by this, and, where applicable, their employers, as soon as possible to make them aware, to apologise for any distress or inconvenience caused, and to provide support and advice.
"We are awaiting receipt of the specific data from Capita, which we will in turn need to check and process," the USS stated.
"We are sorry that member data has been accessed in this way. We are proactively engaging with Capita in respect of their ongoing investigations and are considering the next steps available to us.
"We also continue to engage with them about the ongoing support they will be providing to those affected.
"We are confident members’ pensions remain secure. We have reviewed our own systems and controls to ensure they remain robust. My USS login information has not been compromised. We will, of course, continue to be vigilant."
The USS also confirmed that it has reported the incident to the Information Commissioner's Office (ICO), as well as The Pensions Regulator (TPR) and the Financial
Conduct Authority.
Commenting on the update, a Capita spokesperson said: “Capita continues to work closely with specialist advisers and forensic experts to investigate the incident and we have taken extensive steps to recover and secure the data.
“In line with our previous announcement, we are now informing those we have identified to be affected.
"We have worked quickly to provide our clients with information, reassurance and support, while delivering for them as a business. In instances where we need to provide further support to those affected, we will do so.”
Both TPR and FCA have been engaged with Capita following the recent cyber incident, with the regulator recently writing to pension schemes that use Capita as their administrator, asking trustees to speak to Capita as to whether there was a risk to scheme data.
Capita previously confirmed that it is working "closely and at speed" with advisers and forensic experts to investigate and resolve the issue, with the incident expected to cost the provider up to £20m.
Recent Stories