Capita IT breach gets worse as Black Basta claims it's now selling off stolen data

Black Basta, the extortionists who claimed they were the ones who lately broke into Capita, have reportedly put up for sale sensitive details, including bank account information, addresses, and passport photos, stolen from the IT outsourcing giant. A spokesperson for the London-based corporation, which has UK government …

  1. Dr Who

    So ....

    The crap 'it a fan

    1. ecofeco Silver badge

      Re: So ....

      Well played. Well played.

  2. Anonymous Coward

    Would love to see

    the discussions between the DWP and Capita on the techniques to use to delay and deny claims for ESA and PIP. It's patently clear there is a playbook.

    I suspect that Crapita were given a limit of claims they could allow.

    1. Anonymous Coward

      I'm sure they weren't that foolish

      That would be far too easy to discover and challenge in court.

      I'm certain Crapita was paid based on how many claims they denied. They have a long history of "negotiating" such things.

  3. Anonymous Coward

    Crap IT? Ah!

    We all know this won't stop Crapita getting their usual fat govt contracts in future though.

    1. Headley_Grange Silver badge

      Re: Crap IT? Ah!

      It's a pretty low bar - Fujitsu let innocent people go to prison and they still win government contracts.

      1. Blitheringeejit

        Re: Crap IT? Ah!

        "Fujitsu lied on oath to send innocent people to prison and they still win government contracts."


      2. Ben 56

        Re: Crap IT? Ah!

        Some of whom died or committed suicide, so corporate manslaughter really...

        1. An_Old_Dog Silver badge


          When "the system" so blatantly fails to police itself, some of its victims will suicide, and some will come looking for large-scale revenge.

        2. steviebuk Silver badge

          Re: Crap IT? Ah!

          And still they appear to be either unwilling to pay out or the payout is peanuts.

    2. Fruit and Nutcase Silver badge

      Re: Crap IT? Ah!

      I'm surprised they were not mentioned wrt the NHS FDP contract. Then again, I guess they probably knew it was not worth making the effort when it is not a level playing field

  4. tiggity Silver badge

    Reputational damage

    Can Crapita really suffer much additional reputational damage? Everyone I know who has had to deal with them* despises them.

    * I don't know any people receiving corporate freebies or similar from Crapita - I would guess they are probably the only people with a favourable view of them

    1. Blitheringeejit

      Re: Reputational damage

      A generation of outsourcing public services for the sake of political ideology has left us with providers who are every bit as awful as the original public-sector organisations, but who are now too big to fail and too intransigent to reform. Reputation only matters to the accountable.

      1. Anonymous Coward

        Re: Reputational damage

        The original public sector organisations WEREN'T bad. What we're seeing now is 40 odd years of concentrated effort on the part of the outsourcers and auditors like Accentshite into removing the good people from Govt departments worldwide and forcing Governments essentially into taking on their services, many times for FREE to get a foot in the door or at a loss.

        Internal staff will ALWAYS be better than a consultancy and you get to keep the expertise, unlike the consultancies or MSPs who'll bugger off without doing any documentation.

        Carillion failed, Fujitsu or any firm that has taken management from them should NEVER be allowed near any Government contract. I'm still amazed that the whole management layer isn't in jail yet over the Post Office fiasco.

        Capita should never see another contract, government or private again!

        We should be seeing high public sector wages, the removal of IR35 rules to get direct hiring back in fashion and the refusal to use any of the big consultancies or any MSP.

        1. Blitheringeejit

          Re: Reputational damage

          I agree completely.

          But there is a genuine problem with the salary levels required for decent IT staff - public sector payscales correlate seniority with salary, and the salary expectation of a decent IT wonk would place them inappropriately high up in the management structure of any public sector organisation. No department director in a local authority wants to find themselves being paid less than a programmer or IT strategist who sits three tiers of management below them.

          But it would be wonderful if a solution to this problem could be found, and direct employment of good IT teams could be viable again in the public sector - and it would certainly save a great deal of taxpayers' money in the long run.

        2. Blitheringeejit

          Re: Reputational damage

          "the original public sector organisations WEREN'T bad."

          People my age remember when the public sector included car manufacturers who made really crappy vehicles on the occasional days that they weren't on strike, and when waiting months for the GPO to install a phone line was universal rather than being the occasional Openreach screwup it is now.

          But that's not the whole picture, and you're right about some areas - the white collar public sector (NHS, education etc) was much better-resourced and more effective than it is now, and I knew people who worked directly in IT roles for the NHS and for local authorities.

          But that was when the basic rate of income tax was 33%, and the top rate was in the 80s - and those working in public-sector IT didn't expect six-figure salaries. I doubt that anyone in modern Britain is about to get elected on a manifesto of putting failing public sector organisations back on their feet by upping income tax by half - much as that could well erode inequality and build a healthier and happier nation. People nowadays prefer to keep their hard-earned for spending on gambling, pay-TV, and leasing the latest Chelsea tractor for the school run - they don't want some well-meaning lefty fuckwit giving any of it to the poor.

          1. Anonymous Coward

            Re: Reputational damage

            I agree with you about the cars (although all cars were rubbish until the Japanese got into the game). However, the GPO delivery of telephone lines... let's not forget how long it takes to get those lines in.

            I've waited 4 years for fibre so far because people have to dig the roads... the ONLY reason Openreach can get you internet in 2 weeks is because the taxpayer spent a fortune in the 70s and 80s paying for the holes to be dug all over the country. Every other poor bugger has to go through the nightmare of digging up entire towns to get their cables in because somehow Openreach are allowed to keep hold of that last mile, which the taxpayer paid for in the beginning.

            And don't get me STARTED on the fact that every house in this country should have had fibre in the 90s!! Privatisation driving the way forwards. Over 2 decades down and we STILL don't have fibre to the wall in most places.

          2. Terry 6 Silver badge

            Re: Reputational damage

            "People my age remember when the public sector included car manufacturers who made really crappy vehicles on the occasional days that they weren't on strike, and when waiting months for the GPO to install a phone line was universal"

            I'm 65.

            These aren't what people mostly refer to as the "public sector". Also, Post Office telephones was a dinosaur of the early days of telecommunications, which is why it was added to the post office. The Royal Mail/Post Office was good compared to many/most other countries and provided far more than we get today.

            But the "public sector" did include local authority "Direct Works" and Parks departments. And most of these were pretty good. Especially considering the begrudging attitude we have to public spending - even though these are the same services we most want. Like getting bins emptied and roads repaired. Or keeping libraries open and schools' roofs from leaking.

      2. Terry 6 Silver badge

        Re: Reputational damage

        "are every bit as awful as the original public-sector organisations,"

        Herein lies part of the problem. They weren't, by and large, awful. Or even bad. And weren't spending lots of our money on feeding shareholders and C Suite execs etc.

        Sometimes bureaucratic. But most of the claims were simply demonising by the very people who now benefit from megacorp cheques or own megacorp newspapers. Just as Brexit was built on the foundations of stories about "straight cucumbers" and so forth. And also by the same people for the same motives. ££££££

        1. david bates

          Re: Reputational damage

          Actually Brexit was built on stories of an EU wide armed forces, which we were assured was silly and would never happen.... Care to put your house on it not happening...?

          1. abend0c4

            Re: Reputational damage

            I seem vaguely to recall it was all about itinerant Turks and compulsory garlic. It couldn't by any chance have been an Ark B ploy by the EU all along?

          2. Nuff Said

            Re: Reputational damage

            "Actually Brexit was built on stories of an EU wide armed forces" - in your head only I suspect.

            Ask anyone who voted Brexit why, and the vast majority will say one or more of immigration, sovereignty or freedom from EU interference/regulation. I doubt they will be able to explain what they actually mean or back it up with facts, but those were by far the main drivers.

    2. Anonymous Coward

      Re: Reputational damage

      Most of the Crapita contracts I'm aware of were gained by doing the lowest cost - the "CIPS Gold" (in inverted commas because, well, it's useless) sourcing teams in councils don't look at value, just the bottom line cost, and thus whoever submits the cheapest quote gets the contract. Crapita are aware of this and generally undercut / undervalue their bids compared to the competition to get the contract, and then tend to run day to day on multiple change requests. 'Oh - you want us to do our job? Well, it wasn't in the contract so it's a CR...' etc

  5. Anonymous Coward

    Funny but...

    Who decided that Crapita can skip the GDPR Rules about notifying those people whose details have been stolen within 24 hours?

    I'm hoping for a MASSIVE GDPR fine headed their way...

    1. phuzz Silver badge

      Re: Funny but...

      It's within 72 hours, and it's "where feasible":

      In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

      Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.


      They'll weasel out of it by saying they wanted to be "sure" that particular details were leaked. So you should expect them to notify you (well, the ICO) about 71 hours after your details are spaffed all over the internet.

      1. Cav Bronze badge

        Re: Funny but...

        It's not to the individuals concerned: "notify the personal data breach to the supervisory authority competent in accordance with Article 55..."

  6. Roopee


    “We continue to work closely with specialist advisers and forensic experts” - with all those billions in the bank you’d assume they had that sort of expertise in-house. Perhaps they follow their own advice and outsource their vital services to a bunch of incompetent low-lifes... ?

  7. s. pam

    “We continue to work closely with specialist advisers and forensic experts”

    what the actual hell are they doing then? they regularly advertise themselves to all and sundry in their RFP responses as full service expertise in all fields of computing.

    clearly someone forgot to write their responses on bog roll eh?

  8. t245t

    A bit sparse on the technical details

    What was the nature of the breach? Please provide full technical details.

  9. Anonymous Coward

    Smart Metering

    Don't forget they also run the smart metering infrastructure for the whole of the UK....

    Smart DCC Ltd is a wholly owned subsidiary of Capita plc and is regulated by Ofgem. Registered in England under company number 08641679.

    Also, due to government rules on contract assignments you are not allowed to take performance on any previous government contracts into account when awarding new ones. So reputational damage doesn't really matter and they can continue to milk us all without recourse.

    1. Anonymous Coward

      Re: Smart Metering

      > Don't forget they also run the smart metering infrastructure for the whole of the UK....

      I assume you meant "for the whole of GB" - Northern Ireland is a separate power grid from GB and there's no smart metering here (yet AFAIK) and if there ever will be I assume it will be run separately from that of GB.


      "The Department for the Economy (DfE) has no plans at present to install smart meters in Northern Ireland"

    2. Anonymous Coward

      Re: Smart Metering

      Funny enough the DCC shit show has been having major issues for weeks. Utter shambles that project. I feel sorry for the energy providers who get the shit when you can't see your smart meter data in their apps when 9 times out of 10 it's a DCC issue.

  10. Howard Sway Silver badge

    the IT breach was worse than Capita has admitted to

    Darn it, all the eggs in my basket just broke!

  11. Orddu

    In June 2021 I emailed Capita to complain about their somewhat cavalier attitude in asking for (plain bog-standard) emails detailing full name/DoB/NI number/inside leg/address etc.

    Their reply was basically, "and the horse you rode in on".

    Reap what you sow, chaps.

  12. Crypto Monad Silver badge

    "There is no suggestion of wrongdoing by Capita"

    Failing to secure personal data *isn't* wrongdoing??

    1. ecofeco Silver badge

      Re: "There is no suggestion of wrongdoing by Capita"

      Not when the well connected do it. Much like all crimes.

    2. Derezed

      Re: "There is no suggestion of wrongdoing by Capita"

      No, it’s incompetence. Wrongdoing has intent.

      1. Korev Silver badge

        Re: "There is no suggestion of wrongdoing by Capita"

        It'd be very interesting to see if there were any techies in Capita who spotted the problem and were then either ignored and/or not allowed to fix it. If that is the case then I'd say it would definitely be wrongdoing.

  13. Anonymous Coward

    Luckily the Capita internal network is so shit that most of the time we can't get to our own systems, so if hackers could connect to all the systems then they have fixed many of the routing issues.

  14. Salznet61

    Capita hack

    It doesn't just affect large firms. I am in a group of people whose pensions are administrated by Capita. We have been told they have loads of our data, including names, d.o.b., national insurance numbers, location, phone numbers and employment history, as well as bank details. We are all quite worried. They took 12 weeks to inform us, and I have had an increase in scam calls and 2 credit card applications gone in. I am severely disabled and housebound, and this is causing me so much stress, and there's not much I can do except wait.
