Business process outsourcing firm Capita is warning customers to assume their data was stolen in a cyberattack that affected its systems in early April.

Almost six weeks after the attack came to light, Capita warned the Universities Superannuation Scheme (USS), the UK’s largest private pension scheme, to react to the incident on the assumption that their members’ data had been stolen.

USS manages the pensions of over 500,000 members of UK universities and colleges (and their families), investing £82.2 billion (over $102 billion) on their behalf.

Capita told USS that the servers the hackers had access to contained approximately 470,000 personal information about active, deferred and retired members, including names, dates of birth, national insurance numbers and phone numbers. member of the USS.

“While Capita cannot currently confirm whether this data has been permanently ‘exfiltrated’ (i.e. viewed and/or copied) by the hackers, they recommend that we assume this was the case. We are waiting to receive the specific data from Capita, which we will in turn have to verify and process”, USS said Friday.

“We have reported this incident to the ICO and will work with them on any investigation they choose to conduct and any subsequent recommendations they may make to USS. We have also notified the pension regulator and the Financial Conduct Authority. “

According to industry sources, up to 350 UK company pension schemes were affected by the Capita attack, “making it the largest such hack in UK history”, according to The telegraph,

Black Basta claims to have stolen data

While Capita initially described the attack as a “technical issue”, the company recognized three days later that a weekend outage was the result of a cyberattack.

On April 17, the Black Basta ransomware gang added a private entry for Capita to its data leak site using a private link, threatening to sell allegedly stolen data, including personal bank account details, physical addresses , passport scans and other sensitive information.

A spokesperson for Capita declined to provide a statement when BleepingComputer asked for comment on the ransomware gang’s allegations.

However, on April 20, Capita revealed that the exfiltrated assailants files from approximately 4% of its “server farm”, including customer, supplier or co-worker data from the systems after gaining access to Capita’s systems on March 22 and remained active until the company discovers the flaw on March 31.

After two more weeks, on May 5, Capita released a new update claiming that “data was exfiltrated from less than 0.1% of its server farm”.

The company also revealed that it expects to incur exceptional costs related to the April incident of up to £20 million (approximately $25 million).

Capita, based in London, is a government contractor who also works with clients in finance, IT, healthcare and education.

Its client list includes the Department for Work and Pensions, the National Health Service (NHS), the British Army, as well as leading companies such as Vodafone, O2 and the Royal Bank of Scotland.