As you may have seen in the news, Capita recently received a rather substantial fine following a data breach which occurred back in March 2023. We understand that these reports, quite rightly, are causing CSPA members some concern with the upcoming move of the Civil Service pensions administration from MyCSP to Capita this December. Therefore, I thought it worthwhile covering this, and the actions we have been taking in response on CSPA members’ behalf in more detail.
The recent £14m fine imposed by the Information Commissioner’s Office (ICO) relates to a cyber-attack and consequential data breach that occurred in early 2023, we were aware of when it was announced that Capita had been appointed to run the Civil Service pension scheme in November 2023. Capita’s share prices slumped in 2023-24, when the company suffered big losses, partly due to a series of cyber incidents at the time, as it had been anticipated that the fines it would be facing might be considerably higher.
We formally raised the issue of Capita’s reputation and concerns about their record on data safety with the Cabinet Office at the time, and have continued to refer to our members’ concerns in this regard at meetings held since then. The Cabinet Office’s response has consistently been that Capita’s appointment to administer the pension scheme had followed a long and thorough procurement process, during which all aspects of their data security management had been investigated. The Cabinet Office told us that they had been impressed by Capita’s managerial response to the cyber incidents in question, which had been prompt, robust and proactive. The remedial measures and policy changes they had implemented at the time – in the Cabinet Office’s view – rendered their systems even more secure than those of other companies providing equivalent services who had not been subjected to cyber hacks.
We understand that you may be alarmed by these stories in the media, but rest assured that we continue to raise all issues of legitimate concern to our members with the Cabinet Office, including concerns about Capita’s reputation due to their legacy of data breaches and previous contract mismanagement (the company were removed as administrators of the teachers’ pension scheme).
Capita have indicated a willingness to work with CSPA as recognised stakeholders and pensioner representatives and we will continue to use this and the positive working relationship we have with the Cabinet Office to raise, and follow up on, any concerns arising during and after the transition.
