Aviva, others urged to examine extent of data compromise following Capita breach

Regulator confirms reaching out to potentially affected companies

By Terry Gangcuangco

Consulting and digital services business Capita, whose clients include Aviva, has already restored impacted client services following a cyber incident, but the Financial Conduct Authority (FCA) is telling potentially affected companies to make sure their data has not been compromised.

Two weeks ago, Capita said in an update: “From our investigations to date, it appears that the incident arose following initial unauthorised access on or around March 22 and was interrupted by Capita on March 31. As a result of the interruption, the incident was significantly restricted, potentially affecting around 4% of Capita’s server estate.

“There is currently some evidence of limited data exfiltration from the small proportion of affected server estate which might include customer, supplier, or colleague data. Capita continues to work through its forensic investigations and will inform any customers, suppliers, or colleagues that are impacted in a timely manner.”

FCA involvement

Now, a report by the Financial Times cited the FCA as having contacted Capita clients – among which, it was noted, are Aviva and Phoenix Group – in relation to the cyber breach.

“We have continued to engage with Capita since their cyber incident was reported to understand the extent of any data compromise and impact on the firms they provide outsource services to including their underlying customers,” the regulator told the publication.

“We have also written to FCA-regulated firms that are clients of Capita to ensure they are fully engaged in understanding the extent of any data compromise.”

Aviva, meanwhile, was quoted by the FT as commenting: “There is no evidence currently to suggest that any of our customers’ data was accessed. We continue to work closely with Capita.”

Capita, which has yet to issue a further update, previously said it was complying with all relevant regulatory obligations.
