SlideShare una empresa de Scribd logo

Capita cyber incident QAs 25 May 2023.pdf

Henry Tapper
Henry Tapper

USS explains to members what is going on.

Educación
1 de 7
Descargar para leer sin conexión
25 May 2023 Capita cyber incident - Q&As Capita recently reported a cyber incident involving hackers targeting some of its computer servers – potentially impacting several of the cross-sector businesses it serves. We use Capita’s technology platform (Hartlink) to support our in-house pension administration processes and have been liaising closely with the company over the course of its forensic investigations. While it has been confirmed that USS member data held on Hartlink has not been compromised, we were informed on Thursday 11 May that regrettably details of USS members were held on the Capita servers accessed by the hackers. Capita have since identified from their investigations that personal data was “exfiltrated” (i.e., accessed and/or copied) by the hackers. The information accessed includes: Their title, initial(s), and name; their date of birth; their National Insurance number; their USS member number and their retirement date The details, dating from 2021, cover around 470,000 active, deferred and retired members. Capita have confirmed that they have taken extensive steps to recover and secure the data as well as monitoring the ‘dark web’ to confirm that data compromised as a result of this incident is not circulating more widely. Members are being given access to a leading identity protection service provided by Experian, free of charge, and we will be writing to them week commencing 22 May 2023 setting out how that will work. We have published an update on the USS website and have provided the following Q&As, which we hope will address any immediate questions members may have. Members can also email mydata@uss.co.uk if they have any further queries not covered on www.uss.co.uk. We are proactively engaging with Capita in respect of their ongoing investigations and are considering the next steps available to us. Having reviewed our own systems and controls to ensure they remain robust, we are very confident members’ pensions remain secure. My USS login information has not been compromised. We have strengthened our ID and verification processes and, purely as a precaution, taken our active member Benefit Illustrator offline.
25 May 2023 Experian service-specific How do I know the email I received from USS is genuine? Please check the email address carefully. Our emails to members come from members@news.uss.co.uk If you are concerned someone might be impersonating USS, please let us know by emailing mydata@uss.co.uk I have not received an Experian voucher code. Does that mean my data has not been affected? We are sending the voucher codes to all members in batches, over multiple days, in order to manage demand. We are emailing members for whom we hold a valid email address. Members we don’t have a valid email address for will receive a code by letter. We are monitoring demand on Experian’s support services and this will influence the pace at which our emails and letters will be issued, but we are aiming to have issued all the emails by 31 May. The activation code hasn’t worked Please contact Experian’s Customer Support Centre on 020 8090 3696. They are open Monday to Friday, 8am to 6pm. (Charges for calling 02 numbers are the same as calls made to a standard UK landline.) I can’t get through to the Experian Helpdesk Please keep trying – a number of other companies have been affected by Capita’s data breach and have offered this service so their contact centre is likely to be experiencing high volumes of calls. Why do I need to provide my bank or card details? You may need to provide Experian with some personal details in the sign-up process so that Experian can match them with your credit record for identification purposes and set up your monitoring. Are the questions Experian asking expected as it’s a lot of personal information? If you choose to use the service, you will need to provide Experian with some personal details in the sign-up process so that Experian can match them with your credit record for identification purposes and set up your monitoring. You should review Experian's terms and conditions to make sure you are comfortable sharing the information requested.
25 May 2023 Is Experian covering all data that may have been compromised – like data that Equifax would cover for example? Experian is one of the three main consumer credit reference agencies. They hold information relating to your credit, service and utility accounts. What will happen when I input my details and follow the steps? You will be guided through the process of setting up the Experian Identity Plus services after following the link in the email. If you require additional support, please can the Experian Identity Plus product helpdesk on 020 8090 3696. They are open Monday to Friday, 8am to 6pm. (Charges for calling 02 numbers are the same as calls made to a standard UK landline.) Why is the onus being put on members to monitor their personal information? Capita have confirmed that they have taken extensive steps to recover and secure the data as well as monitoring the ‘dark web’. While at present we understand from Capita that the data “exfiltrated” has been secured, we are also taking steps to put our own monitoring in place. We are proactively engaging with Capita in respect of their investigations and are considering the next steps available to us. Having reviewed our own systems and controls to ensure they remain robust, we are very confident members’ pensions remain secure. My USS login information has not been compromised. We have strengthened our ID and verification processes and, purely as a precaution, taken our active member Benefit Illustrator offline. But we only have oversight of members’ USS accounts. The monitoring service provides far more comprehensive protection for members across services and accounts members may use, but over which we do not (and would not) have any oversight. This service also requires explicit consent to set up and provides direct alerts to members, we therefore cannot set up this service on behalf of members. Does Experian now have my personal data? We have not given Experian any of your information. Should you choose to use the voucher, Experian will be responsible for handling your personal data and you will need to agree to their terms and conditions to this end. Your voucher code lets you sign up for the Experian service free of charge. You will need to provide some personal details in the sign-up process so that Experian can match them with your credit record for identification purposes and set up your monitoring. You may then also choose to ask Experian to monitor the web (including the ‘dark web’) for certain personal details provided by you.
25 May 2023 What happens if there has been activity between the date the hack happened and the date it was identified? The ID protection service will monitor activity based on the information you give to Experian. If you think there has been any suspicious activity on accounts in your name, or anything in your credit record you don’t recognise, contact the organisation concerned as soon as possible. Why are you only providing this service for 12 months? Capita have confirmed that they have taken extensive steps to recover and secure the data as well as monitoring the ‘dark web’. While at present we understand from Capita that the data “exfiltrated” has been secured, we are also taking steps to put our own monitoring in place. We are proactively engaging with Capita in respect of their investigations and are considering the next steps available to us. What should we do if our data is used to take out credit/loans etc? The ID protection service will monitor activity based on the information you give to Experian. If you think there has been any suspicious activity on accounts in your name, or anything in your credit record you don’t recognise, contact the organisation concerned as soon as possible. Should I tell my bank? This is something for you to consider, but we would suggest it is only necessary if you think there has been any suspicious activity on your account. General What member data has been taken? The details, dating from 2021, cover around 470,000 active, deferred and retired members. We understand this data is contained in files generated by Capita from the main Hartlink system, and held separately on Capita services, to facilitate operational processes. Capita have identified from their investigations that personal data was “exfiltrated” (i.e., accessed and/or copied) by the hackers. The information accessed includes: Their title, initial(s), and name; their date of birth; their National Insurance number; their USS member number and their retirement date How many members are affected? The details, dating from 2021, cover around 470,000 active, deferred and retired members. While we await receipt of the specific data from Capita, we have arranged for all current members of the scheme to have access to a leading identity protection service, free of charge.
25 May 2023 When were you first made aware that USS member data had been affected? We have been engaging closely with Capita since it first announced the cyber incident. Capita first formally informed USS of a personal data breach on Thursday 11 May 2023. How quickly did you let members know? Within a day of formally being informed, we published an update and an initial set of Q&As (available via the www.uss.co.uk homepage) to address immediate questions – and began to email members. We will be writing to each of the members affected by this – and, where applicable, their employers – as soon as possible to make them aware, to apologise for any distress or inconvenience caused, and to provide ongoing support and advice. How are you protecting the members affected? We are proactively engaging with Capita in respect of their ongoing investigations and are considering the next steps available to us. Capita have confirmed that they have taken extensive steps to recover and secure the data as well as monitoring the ‘dark web’. Members will be given access to a leading identity protection service provided by Experian, free of charge, and we are writing to them setting out how that will work. What advice can you give to affected members to protect themselves? We would encourage members to only ever give out personal information if they are absolutely sure they know who they are communicating with. • If you receive a suspicious email, you should forward it to report@phishing.gov.uk • For text messages and telephone calls, forward the information to 7726 (free of charge). • For items via post, contact the business concerned. • If there are any changes to your National Insurance information, HM Revenue & Customs would contact you – but you can also phone them on 0300 200 3500. • If you are concerned someone might be impersonating USS, please let us know by emailing mydata@uss.co.uk The National Cyber Security Centre and the Information Commissioner’s Office (ICO) both provide guidance that may also be useful. On what grounds can we be sure Capita are addressing this incident robustly? Capita have confirmed that they have taken extensive steps to recover and secure the data as well as monitoring the ‘dark web’. While at present we understand from Capita that the data “exfiltrated” has been secured, we are also taking steps to put our own monitoring in place.
25 May 2023 What is being done to ensure pensions and other data remain secure in the long term? We want to assure members that data privacy and security is a top priority for us. Having reviewed our own systems and controls to ensure they remain robust, we are very confident members’ pensions remain secure. My USS login information has not been compromised. We have strengthened our ID and verification processes and, purely as a precaution, taken our active member Benefit Illustrator offline. We use Capita’s technology platform (Hartlink) to support our in-house pension administration processes. While it has confirmed that USS member data held on Hartlink has not been compromised, regrettably details of USS members were held on the Capita servers accessed by the hackers. We understand this data was contained in files generated by Capita from the main Hartlink system, and held separately on Capita services, to facilitate operational processes. Can someone call using the info copied and change the bank account my pension is paid into over the phone? They would not be able to do this, as a person contacting USS to make changes to a pension would need to know additional information. Is my USS online account safe? Yes, this is a personal data breach and not a breach of My USS login information. Are my investments and pension safe? We are confident members’ pensions remain secure. We have reviewed our own systems and controls to ensure they remain robust. My USS login information has not been compromised. Have you informed the Information Commissioner’s Office (ICO)? Yes, we have reported this to ICO and will work with them on any investigation they choose to conduct and any recommendations they might subsequently make to USS. Have you informed UCU and UUK? Yes. Have you informed The Pensions Regulator? Yes.
25 May 2023 Have you informed the Financial Conduct Authority? Yes. Are you carrying out your own checks? Having reviewed our own systems and controls to ensure they remain robust, we are very confident members’ pensions remain secure. My USS login information has not been compromised. We have strengthened our ID and verification processes and, purely as a precaution, taken our active member Benefit Illustrator offline. How are you going to compensate members if somebody commits ID fraud using the details that have been accessed? We are proactively engaging with Capita in respect of their investigations and are considering the next steps available to us.

Recomendados

Reta email blast anthem
Reta email blast anthemReta email blast anthem
Reta email blast anthem
amason04
 
QA Fest 2015. Per Thorsheim. Lessons learned: When the worlds largest dating ...
QA Fest 2015. Per Thorsheim. Lessons learned: When the worlds largest dating ...QA Fest 2015. Per Thorsheim. Lessons learned: When the worlds largest dating ...
QA Fest 2015. Per Thorsheim. Lessons learned: When the worlds largest dating ...
QAFest
 
pacific-marine-case-study
pacific-marine-case-studypacific-marine-case-study
pacific-marine-case-study
mjstrmiska
 
IST Presentation
IST PresentationIST Presentation
IST Presentation
guest1d1ed5
 
Employer faq and talking points
Employer faq and talking pointsEmployer faq and talking points
Employer faq and talking points
lauricomoli
 
Raising the Bar for Email Security: Confidentiality and Privacy Standards tha...
Raising the Bar for Email Security: Confidentiality and Privacy Standards tha...Raising the Bar for Email Security: Confidentiality and Privacy Standards tha...
Raising the Bar for Email Security: Confidentiality and Privacy Standards tha...
Jim Brashear
 
Introduction of cyber security
Introduction of cyber securityIntroduction of cyber security
Introduction of cyber security
nahinworld
 
Magic wrighter screen shots
Magic wrighter screen shotsMagic wrighter screen shots
Magic wrighter screen shots
nloring
 

Recomendados

Reta email blast anthem
Reta email blast anthemReta email blast anthem
Reta email blast anthem
amason04
 
QA Fest 2015. Per Thorsheim. Lessons learned: When the worlds largest dating ...
QA Fest 2015. Per Thorsheim. Lessons learned: When the worlds largest dating ...QA Fest 2015. Per Thorsheim. Lessons learned: When the worlds largest dating ...
QA Fest 2015. Per Thorsheim. Lessons learned: When the worlds largest dating ...
QAFest
 
pacific-marine-case-study
pacific-marine-case-studypacific-marine-case-study
pacific-marine-case-study
mjstrmiska
 
IST Presentation
IST PresentationIST Presentation
IST Presentation
guest1d1ed5
 
Employer faq and talking points
Employer faq and talking pointsEmployer faq and talking points
Employer faq and talking points
lauricomoli
 
Raising the Bar for Email Security: Confidentiality and Privacy Standards tha...
Raising the Bar for Email Security: Confidentiality and Privacy Standards tha...Raising the Bar for Email Security: Confidentiality and Privacy Standards tha...
Raising the Bar for Email Security: Confidentiality and Privacy Standards tha...
Jim Brashear
 
Introduction of cyber security
Introduction of cyber securityIntroduction of cyber security
Introduction of cyber security
nahinworld
 
Magic wrighter screen shots
Magic wrighter screen shotsMagic wrighter screen shots
Magic wrighter screen shots
nloring
 
Case 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docxCase 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docx
tidwellveronique
 
Adrs Presentation Folder 051909
Adrs Presentation Folder 051909Adrs Presentation Folder 051909
Adrs Presentation Folder 051909
julchap
 
Cy bsec do_d2015
Cy bsec do_d2015Cy bsec do_d2015
Cy bsec do_d2015
Joint Base Myer-Henderson Hall
 
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsWeak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
OilPriceInformationService
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity Theft
Diane M. Metcalf
 
Legal issues of domain names & trademarks
Legal issues of domain names & trademarksLegal issues of domain names & trademarks
Legal issues of domain names & trademarks
Matt Siltala
 
Trends 121415 Citizens Bank
Trends 121415 Citizens BankTrends 121415 Citizens Bank
Trends 121415 Citizens Bank
Michael Ouellet
 
Ps sir privacy-statement
Ps sir privacy-statementPs sir privacy-statement
Ps sir privacy-statement
divasia
 
CASE STUDY ON PKI & BIOMETRIC BASED APPLICATION
CASE STUDY ON PKI & BIOMETRIC BASED APPLICATIONCASE STUDY ON PKI & BIOMETRIC BASED APPLICATION
CASE STUDY ON PKI & BIOMETRIC BASED APPLICATION
Pankaj Rane
 
Data leakage detbxhbbhhbsbssusbgsgsbshsbsection.pdf
Data leakage detbxhbbhhbsbssusbgsgsbshsbsection.pdfData leakage detbxhbbhhbsbssusbgsgsbshsbsection.pdf
Data leakage detbxhbbhhbsbssusbgsgsbshsbsection.pdf
naresh2004s
 
dataleakagedetection-1811210400vgjcd01.pptx
dataleakagedetection-1811210400vgjcd01.pptxdataleakagedetection-1811210400vgjcd01.pptx
dataleakagedetection-1811210400vgjcd01.pptx
naresh2004s
 
ID Shield Services and Features
ID Shield Services and Features ID Shield Services and Features
ID Shield Services and Features
Antonia McClammy
 
fraudservicecenter@safra.com-
fraudservicecenter@safra.com-fraudservicecenter@safra.com-
fraudservicecenter@safra.com-
Aurorasa Coaching
 
Management Information Systems
Management Information SystemsManagement Information Systems
Management Information Systems
natalie wilt
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
Meg Weber
 
Cyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation GianinoCyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation Gianino
-Gianino Gino Prieto -Dynamic Connector -Insurance Strategist
 
Business Identity Theft
Business Identity TheftBusiness Identity Theft
Business Identity Theft
- Mark - Fullbright
 
Data leakage detection
Data leakage detectionData leakage detection
Data leakage detection
gaurav kumar
 
Business Email Compromise: A Symptom Not A Cause.pdf
Business Email Compromise: A Symptom Not A Cause.pdfBusiness Email Compromise: A Symptom Not A Cause.pdf
Business Email Compromise: A Symptom Not A Cause.pdf
Niloufer Tamboly
 
Identity Theft Red Flags Rule for Business
Identity Theft Red Flags Rule for BusinessIdentity Theft Red Flags Rule for Business
Identity Theft Red Flags Rule for Business
Herring Consulting & Financial Group
 
Pension dashboards forum 1 May 2024 (1).pdf
Pension dashboards forum 1 May 2024 (1).pdfPension dashboards forum 1 May 2024 (1).pdf
Pension dashboards forum 1 May 2024 (1).pdf
Henry Tapper
 
20240419-SMC-submission-Annual-Superannuation-Performance-Test-–-design-optio...
20240419-SMC-submission-Annual-Superannuation-Performance-Test-–-design-optio...20240419-SMC-submission-Annual-Superannuation-Performance-Test-–-design-optio...
20240419-SMC-submission-Annual-Superannuation-Performance-Test-–-design-optio...
Henry Tapper
 

Más contenido relacionado

Similar a Capita cyber incident QAs 25 May 2023.pdf

Case 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docxCase 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docx
tidwellveronique
 
Trends 121415 Citizens Bank
Trends 121415 Citizens BankTrends 121415 Citizens Bank
Trends 121415 Citizens Bank
Michael Ouellet
 
CASE STUDY ON PKI & BIOMETRIC BASED APPLICATION
CASE STUDY ON PKI & BIOMETRIC BASED APPLICATIONCASE STUDY ON PKI & BIOMETRIC BASED APPLICATION
CASE STUDY ON PKI & BIOMETRIC BASED APPLICATION
Pankaj Rane
 
Data leakage detbxhbbhhbsbssusbgsgsbshsbsection.pdf
Data leakage detbxhbbhhbsbssusbgsgsbshsbsection.pdfData leakage detbxhbbhhbsbssusbgsgsbshsbsection.pdf
Data leakage detbxhbbhhbsbssusbgsgsbshsbsection.pdf
naresh2004s
 
dataleakagedetection-1811210400vgjcd01.pptx
dataleakagedetection-1811210400vgjcd01.pptxdataleakagedetection-1811210400vgjcd01.pptx
dataleakagedetection-1811210400vgjcd01.pptx
naresh2004s
 
Management Information Systems
Management Information SystemsManagement Information Systems
Management Information Systems
natalie wilt
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
Meg Weber
 
Business Email Compromise: A Symptom Not A Cause.pdf
Business Email Compromise: A Symptom Not A Cause.pdfBusiness Email Compromise: A Symptom Not A Cause.pdf
Business Email Compromise: A Symptom Not A Cause.pdf
Niloufer Tamboly
 

Similar a Capita cyber incident QAs 25 May 2023.pdf (20)

Case 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docxCase 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docx
 
Adrs Presentation Folder 051909
Adrs Presentation Folder 051909Adrs Presentation Folder 051909
Adrs Presentation Folder 051909
 
Cy bsec do_d2015
Cy bsec do_d2015Cy bsec do_d2015
Cy bsec do_d2015
 
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your AssetsWeak Links: Cyber Attacks in the News & How to Protect Your Assets
Weak Links: Cyber Attacks in the News & How to Protect Your Assets
 
Preventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity TheftPreventing Internet Fraud By Preventing Identity Theft
Preventing Internet Fraud By Preventing Identity Theft
 
Legal issues of domain names & trademarks
Legal issues of domain names & trademarksLegal issues of domain names & trademarks
Legal issues of domain names & trademarks
 
Trends 121415 Citizens Bank
Trends 121415 Citizens BankTrends 121415 Citizens Bank
Trends 121415 Citizens Bank
 
Ps sir privacy-statement
Ps sir privacy-statementPs sir privacy-statement
Ps sir privacy-statement
 
CASE STUDY ON PKI & BIOMETRIC BASED APPLICATION
CASE STUDY ON PKI & BIOMETRIC BASED APPLICATIONCASE STUDY ON PKI & BIOMETRIC BASED APPLICATION
CASE STUDY ON PKI & BIOMETRIC BASED APPLICATION
 
Data leakage detbxhbbhhbsbssusbgsgsbshsbsection.pdf
Data leakage detbxhbbhhbsbssusbgsgsbshsbsection.pdfData leakage detbxhbbhhbsbssusbgsgsbshsbsection.pdf
Data leakage detbxhbbhhbsbssusbgsgsbshsbsection.pdf
 
dataleakagedetection-1811210400vgjcd01.pptx
dataleakagedetection-1811210400vgjcd01.pptxdataleakagedetection-1811210400vgjcd01.pptx
dataleakagedetection-1811210400vgjcd01.pptx
 
ID Shield Services and Features
ID Shield Services and Features ID Shield Services and Features
ID Shield Services and Features
 
fraudservicecenter@safra.com-
fraudservicecenter@safra.com-fraudservicecenter@safra.com-
fraudservicecenter@safra.com-
 
Management Information Systems
Management Information SystemsManagement Information Systems
Management Information Systems
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
 
Cyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation GianinoCyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation Gianino
 
Business Identity Theft
Business Identity TheftBusiness Identity Theft
Business Identity Theft
 
Data leakage detection
Data leakage detectionData leakage detection
Data leakage detection
 
Business Email Compromise: A Symptom Not A Cause.pdf
Business Email Compromise: A Symptom Not A Cause.pdfBusiness Email Compromise: A Symptom Not A Cause.pdf
Business Email Compromise: A Symptom Not A Cause.pdf
 
Identity Theft Red Flags Rule for Business
Identity Theft Red Flags Rule for BusinessIdentity Theft Red Flags Rule for Business
Identity Theft Red Flags Rule for Business
 

Más de Henry Tapper

Más de Henry Tapper (20)

Pension dashboards forum 1 May 2024 (1).pdf
Pension dashboards forum 1 May 2024 (1).pdfPension dashboards forum 1 May 2024 (1).pdf
Pension dashboards forum 1 May 2024 (1).pdf
 
20240419-SMC-submission-Annual-Superannuation-Performance-Test-–-design-optio...
20240419-SMC-submission-Annual-Superannuation-Performance-Test-–-design-optio...20240419-SMC-submission-Annual-Superannuation-Performance-Test-–-design-optio...
20240419-SMC-submission-Annual-Superannuation-Performance-Test-–-design-optio...
 
Log your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaignLog your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaign
 
fca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdffca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdf
 
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
 
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdfBPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
 
House of Commons ; CDC schemes overview document
House of Commons ; CDC schemes overview documentHouse of Commons ; CDC schemes overview document
House of Commons ; CDC schemes overview document
 
magnetic-pensions-a-new-blueprint-for-the-dc-landscape.pdf
magnetic-pensions-a-new-blueprint-for-the-dc-landscape.pdfmagnetic-pensions-a-new-blueprint-for-the-dc-landscape.pdf
magnetic-pensions-a-new-blueprint-for-the-dc-landscape.pdf
 
Kempen ' UK DB Endgame Paper Apr 24 final3.pdf
Kempen ' UK DB Endgame Paper Apr 24 final3.pdfKempen ' UK DB Endgame Paper Apr 24 final3.pdf
Kempen ' UK DB Endgame Paper Apr 24 final3.pdf
 
2024-04-09 - Pension Playpen roundtable - slides.pptx
2024-04-09 - Pension Playpen roundtable - slides.pptx2024-04-09 - Pension Playpen roundtable - slides.pptx
2024-04-09 - Pension Playpen roundtable - slides.pptx
 
Aon-UK-DC-Pension-Tracker-Q1-2024. slideshare
Aon-UK-DC-Pension-Tracker-Q1-2024. slideshareAon-UK-DC-Pension-Tracker-Q1-2024. slideshare
Aon-UK-DC-Pension-Tracker-Q1-2024. slideshare
 
Con Keating's coffee morning presentation.pptx
Con Keating's coffee morning presentation.pptxCon Keating's coffee morning presentation.pptx
Con Keating's coffee morning presentation.pptx
 
Budget 1974.care of Peter Cameron Brown .
Budget 1974.care of Peter Cameron Brown .Budget 1974.care of Peter Cameron Brown .
Budget 1974.care of Peter Cameron Brown .
 
JD ED Strategy Policy and Analysis. TPrpdf
JD ED Strategy Policy and Analysis. TPrpdfJD ED Strategy Policy and Analysis. TPrpdf
JD ED Strategy Policy and Analysis. TPrpdf
 
2024-3-29 - PR Newswire - Federal Judge Says BP Must Reform its Pension Plan.pdf
2024-3-29 - PR Newswire - Federal Judge Says BP Must Reform its Pension Plan.pdf2024-3-29 - PR Newswire - Federal Judge Says BP Must Reform its Pension Plan.pdf
2024-3-29 - PR Newswire - Federal Judge Says BP Must Reform its Pension Plan.pdf
 
Press release from the BP Pensioner Group on the WPC DB report
Press release from the BP Pensioner Group on the WPC DB reportPress release from the BP Pensioner Group on the WPC DB report
Press release from the BP Pensioner Group on the WPC DB report
 
Work and Pensions report into UK corporate DB funding
Work and Pensions report into UK corporate DB fundingWork and Pensions report into UK corporate DB funding
Work and Pensions report into UK corporate DB funding
 
The Pension Regulator's "desputed numbers"
The Pension Regulator's "desputed numbers"The Pension Regulator's "desputed numbers"
The Pension Regulator's "desputed numbers"
 
Advice Guidance Boundary Review Evidence Final Feb 24.pdf
Advice Guidance Boundary Review Evidence Final Feb 24.pdfAdvice Guidance Boundary Review Evidence Final Feb 24.pdf
Advice Guidance Boundary Review Evidence Final Feb 24.pdf
 
CHEMAY Treasury Retirement Phase of Super Submission FINAL February 2024.pdf
CHEMAY Treasury Retirement Phase of Super Submission FINAL February 2024.pdfCHEMAY Treasury Retirement Phase of Super Submission FINAL February 2024.pdf
CHEMAY Treasury Retirement Phase of Super Submission FINAL February 2024.pdf
 

Último

Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdfVishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
ssuserdda66b
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
Association for Project Management
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
KarakKing
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 

Último (20)

Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdfVishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 

Capita cyber incident QAs 25 May 2023.pdf

  • 1. 25 May 2023 Capita cyber incident - Q&As Capita recently reported a cyber incident involving hackers targeting some of its computer servers – potentially impacting several of the cross-sector businesses it serves. We use Capita’s technology platform (Hartlink) to support our in-house pension administration processes and have been liaising closely with the company over the course of its forensic investigations. While it has been confirmed that USS member data held on Hartlink has not been compromised, we were informed on Thursday 11 May that regrettably details of USS members were held on the Capita servers accessed by the hackers. Capita have since identified from their investigations that personal data was “exfiltrated” (i.e., accessed and/or copied) by the hackers. The information accessed includes: Their title, initial(s), and name; their date of birth; their National Insurance number; their USS member number and their retirement date The details, dating from 2021, cover around 470,000 active, deferred and retired members. Capita have confirmed that they have taken extensive steps to recover and secure the data as well as monitoring the ‘dark web’ to confirm that data compromised as a result of this incident is not circulating more widely. Members are being given access to a leading identity protection service provided by Experian, free of charge, and we will be writing to them week commencing 22 May 2023 setting out how that will work. We have published an update on the USS website and have provided the following Q&As, which we hope will address any immediate questions members may have. Members can also email mydata@uss.co.uk if they have any further queries not covered on www.uss.co.uk. We are proactively engaging with Capita in respect of their ongoing investigations and are considering the next steps available to us. Having reviewed our own systems and controls to ensure they remain robust, we are very confident members’ pensions remain secure. My USS login information has not been compromised. We have strengthened our ID and verification processes and, purely as a precaution, taken our active member Benefit Illustrator offline.
  • 2. 25 May 2023 Experian service-specific How do I know the email I received from USS is genuine? Please check the email address carefully. Our emails to members come from members@news.uss.co.uk If you are concerned someone might be impersonating USS, please let us know by emailing mydata@uss.co.uk I have not received an Experian voucher code. Does that mean my data has not been affected? We are sending the voucher codes to all members in batches, over multiple days, in order to manage demand. We are emailing members for whom we hold a valid email address. Members we don’t have a valid email address for will receive a code by letter. We are monitoring demand on Experian’s support services and this will influence the pace at which our emails and letters will be issued, but we are aiming to have issued all the emails by 31 May. The activation code hasn’t worked Please contact Experian’s Customer Support Centre on 020 8090 3696. They are open Monday to Friday, 8am to 6pm. (Charges for calling 02 numbers are the same as calls made to a standard UK landline.) I can’t get through to the Experian Helpdesk Please keep trying – a number of other companies have been affected by Capita’s data breach and have offered this service so their contact centre is likely to be experiencing high volumes of calls. Why do I need to provide my bank or card details? You may need to provide Experian with some personal details in the sign-up process so that Experian can match them with your credit record for identification purposes and set up your monitoring. Are the questions Experian asking expected as it’s a lot of personal information? If you choose to use the service, you will need to provide Experian with some personal details in the sign-up process so that Experian can match them with your credit record for identification purposes and set up your monitoring. You should review Experian's terms and conditions to make sure you are comfortable sharing the information requested.
  • 3. 25 May 2023 Is Experian covering all data that may have been compromised – like data that Equifax would cover for example? Experian is one of the three main consumer credit reference agencies. They hold information relating to your credit, service and utility accounts. What will happen when I input my details and follow the steps? You will be guided through the process of setting up the Experian Identity Plus services after following the link in the email. If you require additional support, please can the Experian Identity Plus product helpdesk on 020 8090 3696. They are open Monday to Friday, 8am to 6pm. (Charges for calling 02 numbers are the same as calls made to a standard UK landline.) Why is the onus being put on members to monitor their personal information? Capita have confirmed that they have taken extensive steps to recover and secure the data as well as monitoring the ‘dark web’. While at present we understand from Capita that the data “exfiltrated” has been secured, we are also taking steps to put our own monitoring in place. We are proactively engaging with Capita in respect of their investigations and are considering the next steps available to us. Having reviewed our own systems and controls to ensure they remain robust, we are very confident members’ pensions remain secure. My USS login information has not been compromised. We have strengthened our ID and verification processes and, purely as a precaution, taken our active member Benefit Illustrator offline. But we only have oversight of members’ USS accounts. The monitoring service provides far more comprehensive protection for members across services and accounts members may use, but over which we do not (and would not) have any oversight. This service also requires explicit consent to set up and provides direct alerts to members, we therefore cannot set up this service on behalf of members. Does Experian now have my personal data? We have not given Experian any of your information. Should you choose to use the voucher, Experian will be responsible for handling your personal data and you will need to agree to their terms and conditions to this end. Your voucher code lets you sign up for the Experian service free of charge. You will need to provide some personal details in the sign-up process so that Experian can match them with your credit record for identification purposes and set up your monitoring. You may then also choose to ask Experian to monitor the web (including the ‘dark web’) for certain personal details provided by you.
  • 4. 25 May 2023 What happens if there has been activity between the date the hack happened and the date it was identified? The ID protection service will monitor activity based on the information you give to Experian. If you think there has been any suspicious activity on accounts in your name, or anything in your credit record you don’t recognise, contact the organisation concerned as soon as possible. Why are you only providing this service for 12 months? Capita have confirmed that they have taken extensive steps to recover and secure the data as well as monitoring the ‘dark web’. While at present we understand from Capita that the data “exfiltrated” has been secured, we are also taking steps to put our own monitoring in place. We are proactively engaging with Capita in respect of their investigations and are considering the next steps available to us. What should we do if our data is used to take out credit/loans etc? The ID protection service will monitor activity based on the information you give to Experian. If you think there has been any suspicious activity on accounts in your name, or anything in your credit record you don’t recognise, contact the organisation concerned as soon as possible. Should I tell my bank? This is something for you to consider, but we would suggest it is only necessary if you think there has been any suspicious activity on your account. General What member data has been taken? The details, dating from 2021, cover around 470,000 active, deferred and retired members. We understand this data is contained in files generated by Capita from the main Hartlink system, and held separately on Capita services, to facilitate operational processes. Capita have identified from their investigations that personal data was “exfiltrated” (i.e., accessed and/or copied) by the hackers. The information accessed includes: Their title, initial(s), and name; their date of birth; their National Insurance number; their USS member number and their retirement date How many members are affected? The details, dating from 2021, cover around 470,000 active, deferred and retired members. While we await receipt of the specific data from Capita, we have arranged for all current members of the scheme to have access to a leading identity protection service, free of charge.
  • 5. 25 May 2023 When were you first made aware that USS member data had been affected? We have been engaging closely with Capita since it first announced the cyber incident. Capita first formally informed USS of a personal data breach on Thursday 11 May 2023. How quickly did you let members know? Within a day of formally being informed, we published an update and an initial set of Q&As (available via the www.uss.co.uk homepage) to address immediate questions – and began to email members. We will be writing to each of the members affected by this – and, where applicable, their employers – as soon as possible to make them aware, to apologise for any distress or inconvenience caused, and to provide ongoing support and advice. How are you protecting the members affected? We are proactively engaging with Capita in respect of their ongoing investigations and are considering the next steps available to us. Capita have confirmed that they have taken extensive steps to recover and secure the data as well as monitoring the ‘dark web’. Members will be given access to a leading identity protection service provided by Experian, free of charge, and we are writing to them setting out how that will work. What advice can you give to affected members to protect themselves? We would encourage members to only ever give out personal information if they are absolutely sure they know who they are communicating with. • If you receive a suspicious email, you should forward it to report@phishing.gov.uk • For text messages and telephone calls, forward the information to 7726 (free of charge). • For items via post, contact the business concerned. • If there are any changes to your National Insurance information, HM Revenue & Customs would contact you – but you can also phone them on 0300 200 3500. • If you are concerned someone might be impersonating USS, please let us know by emailing mydata@uss.co.uk The National Cyber Security Centre and the Information Commissioner’s Office (ICO) both provide guidance that may also be useful. On what grounds can we be sure Capita are addressing this incident robustly? Capita have confirmed that they have taken extensive steps to recover and secure the data as well as monitoring the ‘dark web’. While at present we understand from Capita that the data “exfiltrated” has been secured, we are also taking steps to put our own monitoring in place.
  • 6. 25 May 2023 What is being done to ensure pensions and other data remain secure in the long term? We want to assure members that data privacy and security is a top priority for us. Having reviewed our own systems and controls to ensure they remain robust, we are very confident members’ pensions remain secure. My USS login information has not been compromised. We have strengthened our ID and verification processes and, purely as a precaution, taken our active member Benefit Illustrator offline. We use Capita’s technology platform (Hartlink) to support our in-house pension administration processes. While it has confirmed that USS member data held on Hartlink has not been compromised, regrettably details of USS members were held on the Capita servers accessed by the hackers. We understand this data was contained in files generated by Capita from the main Hartlink system, and held separately on Capita services, to facilitate operational processes. Can someone call using the info copied and change the bank account my pension is paid into over the phone? They would not be able to do this, as a person contacting USS to make changes to a pension would need to know additional information. Is my USS online account safe? Yes, this is a personal data breach and not a breach of My USS login information. Are my investments and pension safe? We are confident members’ pensions remain secure. We have reviewed our own systems and controls to ensure they remain robust. My USS login information has not been compromised. Have you informed the Information Commissioner’s Office (ICO)? Yes, we have reported this to ICO and will work with them on any investigation they choose to conduct and any recommendations they might subsequently make to USS. Have you informed UCU and UUK? Yes. Have you informed The Pensions Regulator? Yes.
  • 7. 25 May 2023 Have you informed the Financial Conduct Authority? Yes. Are you carrying out your own checks? Having reviewed our own systems and controls to ensure they remain robust, we are very confident members’ pensions remain secure. My USS login information has not been compromised. We have strengthened our ID and verification processes and, purely as a precaution, taken our active member Benefit Illustrator offline. How are you going to compensate members if somebody commits ID fraud using the details that have been accessed? We are proactively engaging with Capita in respect of their investigations and are considering the next steps available to us.