Capita has acknowledged that a cyberattack occurred last Friday. Many clients across the UK, including government organizations, experienced disruption due to the incident, which disrupted access to internal Microsoft Office 365 apps at the IT services and consultancy firm. In a statement sent to shareholders this morning, Capita stated that the hack did not compromise data.
The company is among the biggest providers to the UK government, with public sector contracts worth £6.5 billion in outsourced IT services and other areas. It employs 50,000 people and operates in the UK, South Africa, India, and Europe. Several consumers experienced disruption due to the attack, but Capita claims that most of its services were still available.
A cyber attack that largely affected access to internal Microsoft Office 365 apps occurred on Friday, March 31, according to Capita PLC. Certain services were disrupted due to this,” the statement says. More updates would be made available as soon as possible, it added. “We have returned the company colleague access to Microsoft Office 365 by collaborating with our expert technical partners, and we are doing good work toward restoring the remaining client services in a secure and regulated manner.”
Impacted Local Government Entities By Capita Cyberattack
On Friday morning, there were issues with Capita personnel being unable to access their systems. Later that day, the business acknowledged it was having a “technical problem” in a statement posted on Twitter.
Later that evening, the firm provided more information: “We want to reassure any clients whose services have been impacted that we are progressing well and closely cooperating with our technical partners to repair the issues promptly.”
The British military and the NHS are among Capita’s clients. In addition to giving various local councils customer service phone lines, it assists the BBC in collecting its licensing fee.
Given the group’s involvement in sensitive areas like Royal Navy training facilities and security at Ministry of Defense bases, a source familiar with the outage disclosed that other governmental agencies had been made aware of the incident. As a result of the attack, the source added that people working at impacted sites—some related to crucial national infrastructure—resorted to using radios, pens, and paper.
Barnet, Barking and Dagenham, Lambeth, and South Oxfordshire are local councils that utilize Capita services and have all noted problems brought on by the incident. According to Barking and Dagenham Council, “callers may notice modest delays in our ability to reply to their calls throughout the weekend due to a technical failure with our out-of-hours service systems.”
“We are aware of an incident affecting various Capita systems,” the Cabinet Office said. “We are in frequent touch with the company as they continue to investigate the matter.”
Conclusion
The most prominent outsourcing firm in the UK, Capita, announced on Monday that “a cyber incident” was to blame for a Friday IT disruption that prevented employees from accessing their accounts. According to reports, when staff attempted to login, they were mistakenly informed that their regular passwords were “incorrect,” which fueled rumors that a cyberattack was to blame. Nevertheless, not all of Capita’s 61,000 employees were impacted. A spokeswoman for Capita at the time stated that the business was looking into “a technical issue.”
The business acknowledged it “had a cyber issue primarily disrupting access to internal Microsoft Office 365 apps” in a statement sent to the Regulatory News Service on Monday. The incident’s nature has not been made public. While financially motivated ransomware attacks continue to pose a serious threat to British businesses, Capita also offers government services that could be of interest to state-sponsored espionage outfits. Among Capita’s many contracts, there are several with the Ministry of Defense. The engineering and maintenance support of the training simulators for the Royal Navy’s nuclear-powered ballistic missile submarines, a key component of the United Kingdom’s nuclear deterrent, was taken over by a consortium it led last year.
The problem, which was “limited to areas of the Capita network,” was effectively isolated and contained, according to a statement from Capita. The business recognized that some of its customers’ services were interrupted, but it did not say which. Microsoft Office 365 access had been restored, and claimed to be “making good progress” in fixing the remaining client services in a secure and regulated manner. Although Capita could not specify if its investigation was ongoing, it stated that “no evidence of customer, supplier, or colleague data having been compromised.” Since the “technical issue” was first revealed, the company’s share price has decreased by 3% from its previous value since Friday.
Over the last couple of years, service disruption through the supply chain has become an extremely popular method for cyber criminals. Even though Capita IT was able to limit the impact on services, this should be a stark warning to all public services about the impact of a cyberattack.
Disrupting any public service is extremely serious and can result in nationwide social and economic impacts. In more critical industries such as healthcare, disruption can impact the ability to deliver patient care, and in extremely rare cases, even result in fatalities. For example, last year’s attack on software supplier, Advanced, resulted in the 111 phone service outage.
This attack should a warning to all public service organisations the importance of being proactive and implementing technologies such as unified SASE (Secure Access Service Edge). With SASE, security teams have complete visibility across their entire network and can implement security controls such as network segmentation, to limit the movement of malware and mitigate the impact of attacks.
The recent confirmation by Capita that it is investigating a cyber-attack highlights the critical need for robust cybersecurity measures within the public sector. Cyber criminals often target these organisations – not just directly but through third party providers, as we have seen here – knowing the potentially devastating impact of disrupting critical public services across the country. Safeguarding the sensitive information stored should be a top priority.
All organisations are at risk, and that includes having a weak link in your supply chain. Investing in cybersecurity solutions that operate at the hardware layer is essential to provide a robust defence against today’s cyber threats. By fortifying the area closest to the data, public sector-affiliated organisations can guarantee a high level of protection for the sectors they support. This ensures that services remain unaffected, giving peace of mind to the organisations and the public they serve.