Almost 8000 claimants are to make up a High Court case against outsourcing firm Capita following the 2023 cyber-attack at the company.
Manchester-based Barings Law has slammed the outsourcing giant for its handling of the breach, which occurred in March 2023 and was claimed by the Black Basta ransomware group.
Barings Law Head of Data Breach, Adnan Malik, said this is the largest action against the outsourcing giant in the world which the firm filed in the High Court earlier this year.
“We’re expecting our application with the High Court to be presented next year due to several delays in the justice system,” Malik said.
“Despite it being about 18 months since the breach occurred, we have continued to receive sign ups daily and much interest, and I expect more to come in.“
The initial unauthorized access occurred to Capita’s network on or around March 22 and was interrupted by the firm on March 31.
One month after the incident, Capita said that there was evidence of “limited data exfiltration” from the servers compromised by attackers.
Slow Notification Process Raises Concerns
One pension scheme provider, the Universities Superannuation Scheme (USS) which manages £82bn ($108.8bn) for its 500,000 members, warned its members that their data was held on the Capita servers accessed by the hackers.
USS’s statement came in May 2023, shortly after the incident. However, Barings Law has criticised others who have not been as prompt to inform those affected.
Malik noted: “We have seen instances where people are receiving letters from The Trustees of affected pensions that their bank details, including their sort codes, have been breached more than a year after the attack.
“Just last month one claimant was informed that their: name, gender, date of birth, address, national insurance number and employment details and history were breached in the March 2023 attack.”
In a release issued by Barings Law, the firm cited that one of the individuals affected by the breach and now client of Barings Law, is Yorkshire a mining veteran who learned of the attack in the media three months before he received a letter from his pension provider, the Mineworkers' Pension Scheme, and Capita.
Barings Law said that Capita has not made any statements about the delays to them.
Mineworkers' Pension Scheme has announced that Brightwell will replace Capita as the Scheme’s administrator on 13 January 2025.
However, other pension schemes continue to work with Capita including the Royal Mail Statutory Pension Scheme (RMSPS) which the Cabinet Office renewed its contract with Capita in a deal worth £48m ($64m) over eight years.
Infosecurity reached out to Capita for comment but the firm said it does not comment on ongoing legal proceeding.