Capita cyber incident: what happened and how we responded

In March 2023, Capita experienced a cyber incident that led to unauthorised access to certain IT systems and disruption of some client services. The attack was interrupted on 31 March, and services were restored shortly afterwards.

Our immediate response

We acted quickly to contain the incident and restore systems. Impacted parties were contacted, and we worked closely with the Information Commissioner’s Office (ICO) and other regulators throughout the process. Independent specialists monitored the dark web and confirmed that no exfiltrated data was circulating or available for sale. We have cooperated fully with the ICO throughout the investigation and reached a settlement in line with regulatory expectations.

Strengthening our defences

Since the incident, we have invested heavily in transforming our cyber security capabilities. Key actions include:

Technology upgrades: Hardening of Active Directory, enhanced detection and response capability, and deployment of Privileged Access Management (PAM).
Testing and monitoring: Regular penetration testing with external partners and creation of a hybrid Security Operations Centre (SOC) with a government-accredited provider.
Policy improvements: Centralising Governance, Risk and Compliance under our new Chief Information Security Officer (CISO), and strengthening incident management playbooks.
Training and awareness: Enhanced mandatory cyber training, role-based learning, and a security champions network to promote vigilance across the organisation.

Supporting impacted individuals

We contacted all affected parties and offered credit and identity monitoring services where appropriate. Forensic experts assessed impacted data, and specialist advisors confirmed no evidence of data circulation.

Measuring progress

Independent IT reviews and NIST framework assessments show significant improvement in our security posture, with performance now above peer average.

Our commitment

We deeply regret the incident. Under new leadership, we continue to invest in technology, processes, and culture to ensure secure, resilient services for our clients and their customers. This forms part of a multi-year investment programme under new leadership to embed resilience and security at the heart of our operations.

Business activity: No business unit was discontinued or reduced; our focus has been on strengthening processes and culture across the organisation.

Scroll Top

Featured insights

CX in EMEA: The five defining trends of 2025

Driving business value through procurement

Featured news

Capita and PCS Trade Union agree voluntary recognition ahead of Civil Service Pension Scheme transfer

Capita secures £33m contract extension with a leading UK financial services provider to support customers

Featured news

Capita and PCS Trade Union agree voluntary recognition ahead of Civil Service Pension Scheme transfer

Capita secures £33m contract extension with a leading UK financial services provider to support customers

Featured news

Capita and PCS Trade Union agree voluntary recognition ahead of Civil Service Pension Scheme transfer

Capita secures £33m contract extension with a leading UK financial services provider to support customers

Featured news

Capita and PCS Trade Union agree voluntary recognition ahead of Civil Service Pension Scheme transfer

Capita secures £33m contract extension with a leading UK financial services provider to support customers

Search by keywords and/or using the filtering options

Capita cyber incident: what happened and how we responded

In March 2023, Capita experienced a cyber incident that led to unauthorised access to certain IT systems and disruption of some client services. The attack was interrupted on 31 March, and services were restored shortly afterwards.

Our immediate response

Strengthening our defences

Supporting impacted individuals

Measuring progress

Our commitment

Who we are

Quick links

Legal