The Information Commissioner’s Office (ICO) has urged organisations to report any personal data breaches that could be connected to cyber security incidents at Capita.
This follows an increasing number of reports of local authorities being affected, or at least declaring concerns, by a possible vulnerability in the company’s revenues and benefits and software.
Reports of a cyber attack on Capita systems originally emerged in early April.
An ICO spokesperson said it was aware of two incidents concerning the company – the cyber attack and its use of publicly accessible storage – and has received a “large number of reports” from those affected.
Check position
“We are encouraging organisations that use Capita’s services to check their own position regarding these incidents and determine if the personal data they hold has been affected,” the spokesperson said. “If necessary, consider reporting a data breach to the ICO and we will use this information to inform our next steps.”
The spokesperson added that if an organisation decides a report does not need to be reports it should still keep its own record of it and be able to explain why it did not file a report.
The ICO said its online function for filing breach reports should be used.
Related stories:
- 23/05/23 - More councils react to Capita cyber incident
- 18/05/23 - Rochford Council attributes data breach to Capita
- 04/04/23 - Capita acknowledges disruption from cyber attack