Capita faces £14M penalty in 2023 cyber attack settlement with ICO
Capita plc has officially reached a settlement totaling £14 million with the Information Commissioner’s Office (ICO) regarding a cyber attack that occurred in March 2023. This financial penalty is a direct result of the findings from the ICO’s investigation into the incident.
Details of the Cyber Attack
On March 31, 2023, Capita experienced a cyber incident that primarily affected access to its Microsoft Office 365 applications. Although this incident disrupted some services offered to individual clients, the majority of Capita’s client services continued to operate without significant challenges.
Company Response and Remediation Steps
In light of the incident, Capita expressed its regret and confirmed that it had conducted a comprehensive forensic investigation. All individuals identified as potentially impacted by the attack were notified accordingly.
Adolfo Hernandez, the Chief Executive Officer of Capita, highlighted the seriousness of the matter. He stated, “Capita faced one of the first notable cyber-attacks on large UK companies.” He emphasized the company’s ongoing commitment to strengthening cybersecurity through leadership changes and significant investments.
- Enhanced cybersecurity measures introduced
- Advanced protective technologies implemented
- Culture of continuous vigilance established
Future Implications for Capita
Following the settlement, Capita has revised its financial expectations. The penalty will contribute to a projected free cash outflow of £59 million to £79 million, adjusted from prior guidance of £45 million to £65 million.
Despite these setbacks, Capita remains optimistic about achieving a cash-positive status by the end of 2025. The company’s guidance for the full year 2025 and its medium-term targets are unchanged.
Capita assured stakeholders that it remains focused on its transformation efforts, benefiting customers, employees, and society at large.
