We promised to provide an update on the Capita Cyber Incident, following our last communication in August. We want to assure you that we continue to treat this incident with the priority and seriousness our members deserve. Cyber risk has been a top agenda item over recent years and we take our responsibility for protecting our members data extremely seriously.
It’s still a live incident and your Pensions Committee and officers continue to actively engage with Capita on its impact and the required future assurance on systems and processes. We do not anticipate that results from investigations from the Information Commissioners Office (ICO) and the Pensions Regulator (TPR) will be available until some time during 2024. This is due to the complexity and scale of the incident for Capita and all of their clients. We will update you further as soon as we are able to share more information.
Reassuringly, it remains the case that to date, the daily monitoring of the dark web has produced no signs of the exfiltrated Capita data. This monitoring will continue with the third-party expert appointed and there is no cessation for this monitoring.
The dark web is a part of the internet that is hidden from public search engines and can only be accessed by using special software. The dark web scanning performed daily by the specialist team, is a process of searching the dark web for any personal information that may have been stolen or leaked by hackers.
The approach involves using a service and a tool that can access the dark web and look for any matches to Capita data that was included in the exfiltrated data.
As there is still no evidence of this, in their view any fraudulent activity picked up to date isn’t therefore linked to the attack on Capita. With the Experian membership in place, they believe members are also now that much more aware of any unusual activity, which can only be a good thing.