This article was updated on 25 May 2023
Capita recently reported a cyber incident involving hackers targeting some of its computer servers – potentially impacting several of the cross-sector businesses it serves.
We use Capita’s technology platform (Hartlink) to support our in-house pension administration processes and have been liaising closely with the company over the course of its forensic investigations.
While it has been confirmed that USS member data held on Hartlink has not been compromised, we were informed on Thursday 11 May that regrettably details of USS members were held on the Capita servers accessed by the hackers. The information potentially accessed includes:
- Their title, initial(s), and name
- Their date of birth
- Their National Insurance number
- Their USS member number
Capita have also informed us that retirement dates were contained in the files.
The details, dating from early 2021, cover around 470,000 active, deferred and retired members.
While Capita cannot currently confirm if this data was definitively “exfiltrated” (i.e., accessed and/or copied) by the hackers, they recommend we work on the assumption it was.
We are awaiting receipt of the specific data from Capita, which we will in turn need to check and process.
Members will be given access to a leading identity protection service, free of charge, and we will be contacting them next week (w/c 22 May) to set out how that will work.
We have information on our website providing tips on how to spot scams, and a set of Q&As is available below that we hope will address any immediate questions.
Members can also email firstname.lastname@example.org if they have any further queries not covered on our website.
We are sorry that member data has been accessed in this way. We are proactively engaging with Capita in respect of their ongoing investigations and are considering the next steps available to us. We also continue to engage with them about the ongoing support they will be providing to those affected.
We would encourage members to only ever give out personal information if they are absolutely sure they know who they are communicating with.
- If you receive a suspicious email, you should forward it to email@example.com.
- For text messages and telephone calls, forward the information to 7726 (free of charge). For items via post, contact the business concerned.
- If there are any changes to your National Insurance information, HM Revenue & Customs would contact you – but you can also phone them on 0300 200 3500.
- If you are concerned someone might be impersonating USS, please let us know by emailing firstname.lastname@example.org.
The National Cyber Security Centre and the Information Commissioner’s Office (ICO) both provide guidance that may also be useful.
We have reported this incident to the ICO and will work with them on any investigation they choose to conduct and any recommendations they might subsequently make to USS. We have also informed the Pensions Regulator and the Financial Conduct Authority.
We are confident members’ pensions remain secure. We have reviewed our own systems and controls to ensure they remain robust. My USS login information has not been compromised. We have strengthened our ID and verification processes and, purely as a precaution, taken our active member Benefit Illustrator offline.
We will, of course, continue to be vigilant.