Capita cyber incident
In March 2023 hackers targeted our technology supplier, Capita. We use Capita’s ‘Hartlink’ platform to support our in-house pension administration processes. The USS data concerned was contained in files generated by Capita from Hartlink, and held separately on their servers, to facilitate their operational processes.
On 11 May 2023 Capita formally informed us that USS member data was accessed by the hackers. We then started to inform members of the incident from 12 May 2023.
Your pension and My USS login information are safe.
However, the hackers did access files containing USS members’ names, dates of birth, National Insurance numbers, USS member numbers and retirement dates, as they were recorded in 2021.
We are very sorry this happened.
Capita confirm they have taken extensive steps to recover and secure the data. They are also monitoring the ‘dark web’ and to date have said they can find no evidence that the data is being circulated widely. We have also commissioned our own review of the ‘dark web’, and our third party investigation company also found no evidence of the exfiltrated files. We did not share any member personal data outside of USS as part of this exercise.
There are 3 things you can do to help stay safe:
- Sign up to Experian’s identity-monitoring service – this is being offered for free for one year
- Watch out for scams
- Do not give out personal information unless you’re sure you’re talking to the right person
Sign up for Experian’s service and get more information to stay safe – you’ll find a code to sign up for free in an email or letter from us.
We have taken this opportunity to review our systems and controls. We have strengthened our ID and verification processes and, as a precaution, taken the active-member benefit illustrator offline (you can still use the illustrator for prospective members).
We have also reported the personal data breach to the ICO, the Pensions Regulator and the Financial Conduct Authority.
If you have a question, email us at firstname.lastname@example.org
This mailbox is receiving a high volume of enquiries so we may take longer than usual to respond to you. Your queries may be covered in the Frequently Asked Questions section, below, which we’ll update weekly with answers to your queries.