Capita previously reported a cyber incident involving hackers targeting some of its computer servers – potentially impacting several of the cross-sector businesses it serves.
We use Capita’s technology platform (Hartlink) to support our in-house pension administration processes and have been liaising closely with the company over the course of its forensic investigations.
We are proactively engaging with Capita in respect of their ongoing investigations into their cyber incident, but we understand USS data was contained in files generated by them from the main Hartlink system, and held separately on their servers, to facilitate operational processes.
Capita have identified from their investigations that personal data was exfiltrated (i.e., accessed and/or copied) by the hackers. The information accessed includes members’ title, initial(s), and name, their date of birth, National Insurance number, USS member number and their retirement date.
Capita have confirmed that they have taken extensive steps to recover and secure the data as well as monitoring the dark web to confirm that data compromised as a result of this incident is not circulating more widely.
We very much regret that this has happened. We are committed to supporting members.
To help members monitor their personal information for certain signs of potential identity theft, they will be given access to a leading identity protection service, free of charge, and we will be writing to them during this week setting out how that will work. This service requires explicit consent to set up and provides direct alerts to members, we therefore cannot set up this service on behalf of our members.
We would encourage members to only ever give out personal information if they are absolutely sure they know who they are communicating with.
Members should also bear in mind that we will not call them in relation to this issue unless they ask us to. Any unsolicited calls from someone claiming to represent USS or Capita should be treated with suspicion.
If you are concerned someone might be impersonating USS or Capita, please let us know by emailing email@example.com.
We want to assure members that data privacy and security is a top priority for us.
Having reviewed our own systems and controls to ensure they remain robust, we are very confident members’ pensions remain secure.