Business process outsourcing and tech services player Capita says there is proof that some customer data was scooped up by cyber baddies that broke into its systems late last month.
The British listed business, which has around £6.5 billion ($8.09 billion) in public sector contracts, updated the London Stock Exchange this morning to confirm the criminals breached its infrastructure on March 22 and remained inside until “interrupted” by the company on March 31.
“As a result of the interruption, the incident was significantly restricted, potentially affecting around 4 percent of Capita’s server estate. There is currently some evidence of limited data exfiltration from the small proportion of affected server estate which might include customer, supplier or colleague data.”
“Capita continues to work through its forensic investigations and will inform any customers, suppliers or colleagues that are impacted in a timely manner,” it said, adding: “Capita continues to comply with all relevant regulatory obligations.”
This comes after Russian extortionist crew Black Basta claimed it was behind the digital burglary at Capita and put up for sale sensitive information it reckons it stole, and which reportedly includes personal bank account details of people and business selling products or services to Capita. This is supposedly just small snippets of the data for sale.
Infosec veteran Kevin Beaumont previously said the stolen information being offered for sale also included a Capita Nuclear document – Capita provides support staff for the command centre of the Civil Nuclear Constabulary – paper marked confidential, and