has dealt with over 14,000 data breach enquiries

Call free

USS / Capita Data Breach Compensation

Are you a USS member who had an account of Capita before the 31st of March 2023? If so, then there’s a high chance that your data was breached alongside 370,000 other members. Contact us today to join them in their compensation claim against Capita.

Data breaches have been featured in

Why Choose Data Breach Claims

£4,000 Average Claim

Customers, on average can claim up to £4,000+ from incidents of data breach

Free Expert Advice

Experts are ready and waiting to advise you in any way you need

No win, no fee

All solicitors work on a no win, no fee basis. 100% free, unless your claim is successful

60 second check

It only takes 60 seconds to begin your check for a potentially huge payout

No risk involved

There’s no risk in checking. It will not affect your credit score and it’s free

The USS / Capita Data Breach

The USS, or Universities Superannuation Scheme, is one of the largest private pension schemes for universities and other institutions within higher education in the United Kingdom. Capita is a business that provides valuable administrative support for the USS and other pension schemes. 

On the 31st of March, Capita noticed that there were unauthorised individuals accessing their server. Three days later, on the 3rd of April, Capita announced confirmation of the cyber attack but claimed there was no evidence of customer data being accessed and/or copied. 

However, after beginning an investigation, it was discovered that the hackers had indeed done just that. The records that had been accessed and/or copied date back to 2021, totalling a whopping 370,000 members having potentially had their information leaked. 

This means Capita failed to keep the personal information of their members safe as per the Data Protection Act 2018, meaning they are open to compensation claims from affected people. 

USS Logo
capita logo

Why are people making claims against the Capita for their USS member data breach?

On the 31st of March, files as far back as 2021 were accessed and may have been copied. Capita has stated that the likelihood of attempted identity thefts as a result of this breach is low, but the following is what has been leaked: 

  • Titles
  • Initials
  • Names
  • Date of Birth
  • National Insurance Numbers
  • USS Member Name
  • Retirement Dates


At the time of the announcement, the finer details of the breach was unclear, such as when it happened and how. However, since then, not only has information on a second breach become available.

We will go over the details of both breaches below. 

March 2023 - USS / Capita Data Breach

Capita’s March 2023 breach was a massive one, and will likely damage the company beyond recognition. 

The breach affected members of over 60 pension schemes. 

Of all these schemes, the largest by far is the USS Scheme. With over 370,000 members affected, the scandal is often referred to as the USS Data Breach at times. 

Are you a member of any of the companies affected? If so, you should get in contact with us ASAP to see if you are viable for a data breach. 

May 2023 - Capita Local Authority Scandal

Despite only being two months away from one of the largest data breaches in 2023, Capita had another incident that caused panic in the government. 

It was found that Capita had been keeping sensitive information regarding benefits on publically accessible channels. 

This prompted many local authorities to scramble and put their security into overdrive, as they were under the belief that the data of their organisations, and the clients which used them, was compromised. 

Am I eligible for the USS / Capita Data Breach compensation claim despite no financial loss?

Compensation claims for data breaches aren’t limited to those who have suffered financial losses. Numerous claims have been initiated due to emotional distress caused by the breach. Indeed, the potential harm from, for instance, the disclosure of your home address, can lead to significant stress and hardship, thereby justifying claims solely based on emotional distress.

An example of this is the fairly infamous “Vidal-Hall vs Google 2015”, which was a landmark ruling in the UK in the data breach realm. Through illegally accessing and placing trackers on others’ computers, Google was able to target specific advertisements towards the victims. 

Although this doesn’t sound like a massive deal to the average person, it was to those affected. This is because the people who had their data breached underwent a large amount of emotional distress from the targeted campaign. As a result, the UK Court of Appeal ruled in their favour, claiming that even if you do not lose financial or material damage, you can still receive compensation for your pain. 

This decision marked a significant change in the UK Law regarding data breaches, increasing the level of care many organisations that hold personal data had when dealing with it.

The Data Protection Act 2018 represents the UK’s adaptation of the General Data Protection Regulation (GDPR). It’s a thorough architecture for data protection law in the UK, replacing the previous 1998 Data Protection Act.

The main facets of the Data Protection Act 2018 encompass:

  1. Safeguarding Personal Data: This Act underscores the importance of preserving personal data. It dictates the means of gathering, processing, storing, and discarding this information.
  2. Consent: Organisations are required to obtain explicit consent to gather and utilise data. Moreover, they must facilitate the process for individuals to retract their consent.
  3. Access to Data: Individuals are entitled to learn what data about them is being collated, the purpose of its collection, and how it’s being utilised. They can also demand copies of their personal data.
  4. Data Portability: Individuals are allowed to request the transfer of their personal data to another service provider.
  5. Right to be Forgotten: Under certain circumstances, individuals can ask for their data to be deleted.
  6. Data Protection Officers (DPOs): Certain entities must assign a DPO to supervise data protection strategies and implementation.
  7. Notification of Breach: If an organisation undergoes a data breach, they are obliged to report it to the Information Commissioner’s Office (ICO) within 72 hours, and in some cases, they might also need to notify the individuals affected.

Failure to comply with the Data Protection Act 2018 can lead to substantial fines. Therefore, it’s crucial that businesses comprehend their responsibilities under this law and take necessary measures to ensure compliance.

Am I eligible for the USS / Capita Data Breach Compensation Claim?

Want to know if you qualify? It’s simple and takes only a moment of your time. Just complete a brief form with some basic information, which will then be sent to a professional data breach claims handler.

If you’re concerned about the cost of such specialised service, rest assured – all our legal experts handling data breaches operate on a no-win, no-fee basis.

This implies that initiating a claim will not incur any out-of-pocket expenses for you. A service fee is only charged upon a successful claim, and this is deducted from your compensation sum.

Don’t delay. Take the first step towards potential compensation by signing up for a free consultation today.

USS Members released a statement on their website regarding the issue:

“Capita recently reported a cyber incident involving hackers targeting some of its computer servers – potentially impacting several of the cross-sector businesses it serves. We use Capita’s technology platform (Hartlink) to support our in-house pension administration processes and have been liaising closely with the company over the course of its forensic investigations. 

While it has been confirmed that USS member data held on Hartlink has not been compromised, we were informed on Thursday 11 May that regrettably details of USS members were held on the Capita servers accessed by the hackers. The information potentially accessed includes: Their title, initial(s), and name; their date of birth; their National Insurance number; their USS member number Capita have also informed us that retirement dates were contained in the files. The details, dating from early 2021, cover around 470,000 active, deferred and retired members. While Capita cannot currently confirm if this data was definitively “exfiltrated” (i.e., accessed and/or copied) by the hackers, they recommend we work on the assumption it was. We are awaiting receipt of the specific data from Capita, which we will in turn need to check and process. 

Members will be given access to a leading identity protection service, free of charge, and we will be writing to them as soon as possible setting out how that will work. We have published an update on the USS website and have provided the following Q&As, which we hope will address any immediate questions members may have. Members can also email if they have any further queries not covered on We are proactively engaging with Capita in respect of their ongoing investigations and are considering the next steps available to us. We also continue to engage with them about the ongoing support they will be providing to those affected. ” 

Capita claims that they cannot confirm whether or not the data was tampered with, but this still puts a lot of people in a poor predicament. After all, instead of anything conclusive, those who had their information tampered with are now faced with not knowing what the level of danger is. As such, we agree with Capita’s own recommendation – to proceed to assume there’s a serious threat to people’s security. 

Since the 31st of March, until confirmation of the breach’s effects had been announced, there were 48 days that had passed. Capita claimed to be investigating during this time, but we have to wonder just how much time really would’ve been needed to uncover what was and wasn’t accessed.

Why use us?

Free Consultation

We offer a free data breach consultation to anyone who is looking to make a claim

No win, no fee

If your case or cases have no financial payout to you, you don’t pay a single penny

Data breach experts

We use dedicated data breach solicitors who have handled thousands of data breach claims

Peter is a solicitor who has worked as a professional litigator for 3 years. More recently Peter has specialised in data breach compensation claims and over the last 2.5 years has gained a wealth of knowledge in this sector. Peter now works with us to share his knowledge and inform the general public.

Data breaches have been featured in the national press.

Read More
Claimed compensation on my behalf thanks! Outstanding professional service!
Read More
Helped me get my claim over the line. Rachel was very helpful throughout
Read More
Very professional service, completed my claim swiftly
Read More
Lovely supportive team! Sarah is brilliant, she helped me get through a tough period, always stayed in contact with me and referred me to the best of people resulting in an excellent outcome. Highly recommend!
Read More
I found them a pleasure to deal with. Very clear and easy to understand. A good service.
Read More
They dealt professionally and quickly with our data breach compensation claim. The staff went above and beyond our expectations and were very friendly and helpful. Would definitely use again.
Read More
They dealt professionally and quickly with our data breach compensation claim. The staff went above and beyond our expectations and were very friendly and helpful. Would definitely use again.

Guides & Articles

Click one to see more.

We're ready to help you get the compensation you deserve

Alternatively, give one of our solicitors a call free on 0333 241 2521

Lines open 9am – 5pm Mon to Fri

Has your data been handled incorrectly?