Capita's handling of cyber attack shows companies still fail at breach reporting
Capita initially told customers there was “no evidence” of data having been compromised in the March cyber attack


Capita’s recent cyber incident has highlighted a long-running trend in which businesses have failed to adequately inform customers about the extent of a breach.
The IT outsourcing giant, which provides services to a range of clients including the UK government, revealed in March that it had suffered a “cyber incident” that severely disrupted internal IT services.
However, the firm said at the time that there was “no evidence” that any data had been compromised in the incident as it sought to allay customer fears over a potential domino-effect breach unfolding.
While this may have alleviated concerns in the first instance, the company’s response thereafter highlights a continued trend of businesses failing to fully inform affected customers about the disastrous nature of a breach.
Last month, the company revealed that there was “some evidence of limited data exfiltration” and that compromised data “might include” customer, supplier, and even staff data.
This announcement, which came weeks after the initial disclosure of the incident, has now been followed by the revelation that client pension data was likely to have been compromised during the cyber incident.
A report from the Financial Times on 4 May revealed that Capita has informed affected clients of the situation and that it is still investigating the scale of the breach.
Capita told Reuters that it is “working closely with specialist advisers and forensic experts” to “provide assurance around any potential customer, suppliers, or colleague data exfiltration”.
Capita’s botched comms could harm customer confidence
While Capita now appears to have a limited handle on things and is communicating with affected clients, the situation bears concerning similarities to several high-profile data breaches in recent months - a surprising number of which were handled poorly from a comms perspective.
LastPass infamously came under fire for its comms response last year in the wake of a seemingly never-ending series of incidents.
An initial cyber attack disclosure in August last year continually escalated in severity until a final report in late February 2023 revealed that the company had suffered a series of incidents that placed user information at risk.
The company’s response was heavily criticized by security industry stakeholders amid claims that it failed to appropriately inform users about the full extent of the breach.
Last year, Block, the US-based payments firm behind CashApp, was also accused of woefully mishandling a data breach.
Around 8.2 million customers were affected in a data breach after a former employee was found to have downloaded information on user payment activities.
The company’s response to the incident prompted a class-action lawsuit in which complainants alleged that the response time and mitigation of the incident were poorly handled.
Clear-cut communication in the wake of cyber incidents is critical to ensure that customers aren’t left in the dark preparing for the dreaded moment in which their data and company logo are placed on a shady online forum.

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.
For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.