
Under GDPR Can an Individual be Held Responsible?
The GDPR is a set of strict rules that must be adhered to when processing the personal data of EU citizens. Failure to comply with
Are you a USS member who had an account of Capita before the 31st of March 2023? If so, then there’s a high chance that your data was breached alongside 370,000 other members. Contact us today to join them in their compensation claim against Capita.
As featured in
£4,000 Average Claim
Customers, on average claim £4,000 from incidents of data breach
Free Expert Advice
Experts are ready and waiting to advise you in any way you need
No win, no fee
All solicitors work on a no win, no fee basis. 100% free, unless your claim is successful
60 second check
It only takes 60 seconds to begin your check for a potentially huge payout
No risk involved
There’s no risk in checking. It will not affect your credit score and it’s free
The USS, or Universities Superannuation Scheme, is one of the largest private pension schemes for universities and other institutions within higher education in the United Kingdom. Capita is a business that provides valuable administrative support for the USS and other pension schemes.
On the 31st of March, Capita noticed that there were unauthorised individuals accessing their server. Three days later, on the 3rd of April, Capita announced confirmation of the cyber attack but claimed there was no evidence of customer data being accessed and/or copied.
However, after beginning an investigation, it was discovered that the hackers had indeed done just that. The records that had been accessed and/or copied date back to 2021, totalling a whopping 370,000 members having potentially had their information leaked.
This means Capita failed to keep the personal information of their members safe as per the Data Protection Act 2018, meaning they are open to compensation claims from affected people.
On the 31st of March, files as far back as 2021 were accessed and may have been copied. Capita has stated that the likelihood of attempted identity thefts as a result of this breach is low, but the following is what has been leaked:
It is yet unknown if the cyber attackers have any intention to use these details. This is undoubtedly a case of unauthorised access to private information.
When exactly the breach happened is unclear, but the chief executive himself made a statement explaining the situation, as well as the measures being taken to correct and prevent such incidents in the future.
Compensation claims for data breaches aren’t limited to those who have suffered financial losses. Numerous claims have been initiated due to emotional distress caused by the breach. Indeed, the potential harm from, for instance, the disclosure of your home address, can lead to significant stress and hardship, thereby justifying claims solely based on emotional distress.
An example of this is the fairly infamous “Vidal-Hall vs Google 2015”, which was a landmark ruling in the UK in the data breach realm. Through illegally accessing and placing trackers on others’ computers, Google was able to target specific advertisements towards the victims.
Although this doesn’t sound like a massive deal to the average person, it was to those affected. This is because the people who had their data breached underwent a large amount of emotional distress from the targeted campaign. As a result, the UK Court of Appeal ruled in their favour, claiming that even if you do not lose financial or material damage, you can still receive compensation for your pain.
This decision marked a significant change in the UK Law regarding data breaches, increasing the level of care many organisations that hold personal data had when dealing with it.
The Data Protection Act 2018 represents the UK’s adaptation of the General Data Protection Regulation (GDPR). It’s a thorough architecture for data protection law in the UK, replacing the previous 1998 Data Protection Act.
The main facets of the Data Protection Act 2018 encompass:
Failure to comply with the Data Protection Act 2018 can lead to substantial fines. Therefore, it’s crucial that businesses comprehend their responsibilities under this law and take necessary measures to ensure compliance.
Want to know if you qualify? It’s simple and takes only a moment of your time. Just complete a brief form with some basic information, which will then be sent to a professional data breach claims handler.
If you’re concerned about the cost of such specialised service, rest assured – all our legal experts handling data breaches operate on a no-win, no-fee basis.
This implies that initiating a claim will not incur any out-of-pocket expenses for you. A service fee is only charged upon a successful claim, and this is deducted from your compensation sum.
Don’t delay. Take the first step towards potential compensation by signing up for a free consultation today.
USS Members released a statement on their website regarding the issue:
“Capita recently reported a cyber incident involving hackers targeting some of its computer servers – potentially impacting several of the cross-sector businesses it serves. We use Capita’s technology platform (Hartlink) to support our in-house pension administration processes and have been liaising closely with the company over the course of its forensic investigations.
While it has been confirmed that USS member data held on Hartlink has not been compromised, we were informed on Thursday 11 May that regrettably details of USS members were held on the Capita servers accessed by the hackers. The information potentially accessed includes: Their title, initial(s), and name; their date of birth; their National Insurance number; their USS member number Capita have also informed us that retirement dates were contained in the files. The details, dating from early 2021, cover around 470,000 active, deferred and retired members. While Capita cannot currently confirm if this data was definitively “exfiltrated” (i.e., accessed and/or copied) by the hackers, they recommend we work on the assumption it was. We are awaiting receipt of the specific data from Capita, which we will in turn need to check and process.
Members will be given access to a leading identity protection service, free of charge, and we will be writing to them as soon as possible setting out how that will work. We have published an update on the USS website and have provided the following Q&As, which we hope will address any immediate questions members may have. Members can also email mydata@uss.co.uk if they have any further queries not covered on www.uss.co.uk. We are proactively engaging with Capita in respect of their ongoing investigations and are considering the next steps available to us. We also continue to engage with them about the ongoing support they will be providing to those affected. ”
Capita claims that they cannot confirm whether or not the data was tampered with, but this still puts a lot of people in a poor predicament. After all, instead of anything conclusive, those who had their information tampered with are now faced with not knowing what the level of danger is. As such, we agree with Capita’s own recommendation – to proceed to assume there’s a serious threat to people’s security.
Since the 31st of March, until confirmation of the breach’s effects had been announced, there were 48 days that had passed. Capita claimed to be investigating during this time, but we have to wonder just how much time really would’ve been needed to uncover what was and wasn’t accessed.
Free Consultation
We offer a free data breach consultation to anyone who is looking to make a claim
No win, no fee
If your case or cases have no financial payout to you, you don’t pay a single penny
Data breach experts
We use dedicated data breach solicitors who have handled thousands of data breach claims
Peter is a solicitor who has worked as a professional litigator for 3 years. More recently Peter has specialised in data breach compensation claims and over the last 2.5 years has gained a wealth of knowledge in this sector. Peter now works with us to share his knowledge and inform the general public.
As featured in the national press.
Click one to see more.
The GDPR is a set of strict rules that must be adhered to when processing the personal data of EU citizens. Failure to comply with
You could be in line for data breach compensation worth thousands if your child’s data has been affected by a company’s data breach Parents know
If a company or organisation is storing your personal data and fails to keep it secure which has ultimately resulted in a breach, you have
Alternatively, give one of our solicitors a call free on 0330 828 1764
Lines open 9am – 5pm Mon to Fri
Our collective has dealt with over 14,000 data breach cases
Lines open 9pm – 5pm Mon to Fri
Egerton House, 2 Tower Road, G5D, Birkenhead CH41 1FN
© DataBreach Claims 2023. Data Breach Claims is a trading name of Evans Hughes Ltd company number 12573301. Authorised and regulated by the Financial Conduct Authority 927014. Evans Hughes Ltd is registered with the Information Commissioner’s Office under registration reference ZA754708. This website is operating in accordance to the privacy policy. ICO reg no. ZA473694. Data Breach Claims connects clients to regulated solicitors who deal with data breaches. We do not perform any legal services but simply connect you to a legal representative.