Capita, the UK government contractor, revealed that it was hit by a cyber attack on 22 March, 2023. The incident was claimed by ransomware syndicate Black Basta in mid-April. Capita stated that less than 0.1% of its server estate was compromised and the incident cost the company up to $25m.
It was discovered on 31 March, disrupting Capita’s access to its internal Microsoft 365 applications. The company has not revealed the type of data that was exposed but cybercriminals allegedly shared passport scans, home addresses and personal banking details from the breach.
Black Basta, which first appeared in 2022, has hit 175 organisations with its malware since it was discovered. The gang employs double-extortion tactics to force victims to pay a ransom.
Researchers believe that Black Basta’s operators are linked with the Russian cybercrime group FIN7, which has been active for around a decade. Capita has stated that it is working with regulators, customers and suppliers to address the incident.
Capita provides business support services to companies and governments and has 50,000 employees. Despite the attack, the company posted in-year-revenue wins of £449m for the first four months of the year, up 16% from the same period in the previous year.
Capita has not released a public statement about the type of data that was exposed. The incident’s cost of up to $25m resulted from specialist professional fees and investment in reinforcing cyber protections.
