
Capita reported a cyber incident involving hackers targeting some of its computer servers – potentially impacting several of the cross-sector businesses it serves.

We use Capita to provide our Environment Agency Pension Fund (EAPF) administration services, supported by their technology platform (Hartlink). It has been confirmed that EAPF member data held on Hartlink has not been compromised.

The incident took place on 22 March 2023 and was intercepted on 31 March when malicious activity was detected.

Capita confirmed on 26 May 2023 that their preliminary investigation had identified that personal details of our pensioner population, along with those of a small proportion of contributing and deferred members, had potentially been ‘exfiltrated’. We have subsequently written to those affected individuals.

Capita have now concluded their forensic investigations and unfortunately the impact to our members is wider than initially indicated. The actual data that was available on the affected server does vary for each member, and the precise categories of personal data are set out in the letters our affected members have been sent. These letters have also been added to EAPF Online accounts and can be viewed there.

Whilst Capita has informed us that there is no evidence that information resulting from this incident has been misused to date, Capita believes it is appropriate to act with vigilance under the circumstances.

In our letters to affected members highlighting the information that was exfiltrated, we’ve included details setting out a 12-month membership to a leading identity protection service free of charge. Since letters were sent, it has been agreed for this 12-month service to be extended to 24 months. This will happen automatically and our members will not need to do anything, whether or not they have already registered. It will end 24 months from the date of registration.

We’ve created a bespoke 'Cyber hub' on the EAPF website for members which provides helpful information, links, and Q&As all in one place which we hope will answer some commonly asked questions and help address any immediate concerns.

We’ll continue to actively engage with Capita and will consider the next steps available to us and communicate these where necessary. We’ll also continue to discuss ongoing support that they’ll be providing to those affected.

The EAPF has reported to and updated the Information Commissioner's Office (ICO) and has also been in regular dialogue with other regulators, including the Pensions Regulator (tPR) and the National Audit Office (NAO). Capita are also in direct contact with all regulators.

We recognise the concern this may cause and wish to highlight some of the steps taken by Capita in response to the criminal incident:

  • They have appointed a third-party specialist adviser that continues to monitor the dark web to confirm that data compromised as a result of this incident is not circulating more widely.
  • In third-party reports, they can find no evidence that data resulting from this incident is circulating on the dark web or otherwise.
  • Capita have taken extensive steps to recover and secure the data contained within the servers impacted by the exfiltration.

In the meantime, we want to reassure members that your pensions remain secure. We’ve reviewed our own systems and controls to ensure they remain robust. The EAPF member portal has not been compromised as this is held in a separate environment to the server that was accessed. Therefore, the passwords you use to log in to your pension account remain safe.

If you’re an EAPF member and you’re wondering if your personal data has been compromised, please check your EAPF Online account rather than contact Capita to ask if you’re affected. If you do need to contact Capita, please do be patient with the team. The incident has had an impact on their ‘business as usual’ processing, and they’re recovering from lost time as a result of the cyber incident.

This is a criminal act and we understand that the incident will be a concern, but we want to reassure you that we take the responsibility of protecting our member data extremely seriously.

We will, of course, continue to be vigilant and will keep our website updated as the situation evolves.

We have provided an updated questions and answers document in our cyber incident hub which we hope you will find useful.

You can access our Cyber hub at

