Capita investigates authenticity of ransomware gang leaks

Capita, the United Kingdom’s largest outsourcing company, said on Monday that it has not yet been able to confirm whether data released by a ransomware group was in fact stolen from the company.

The London Stock Exchange-listed business announced two weeks ago that an IT outage “primarily impacting access to internal Microsoft Office 365 applications” — leaving staff locked out of their accounts — was caused by a cybersecurity incident.

The Black Basta ransomware group subsequently claimed to be behind the attack and included Capita among its listings of victims.

The criminals have begun posting what appear to be documents stolen from Capita, including data regarding teachers in Sheffield and client bank account information, as reported by the Sunday Times newspaper.

Sheffield City Council was not immediately able to comment on the claims.

A spokesperson for Capita told The Record on Monday that the company has not been able to confirm the source of the information released by the ransomware group.

Capita told The Record that the company’s specialist advisers and forensic experts are continuing to investigate. The company is understood to be working to establish whether the data is authentic or if the extortion group had cobbled it together from other sources.

Earlier this month, in Capita’s statement to the Regulatory News Service — the formal mechanism for publicly listed companies in the U.K. to communicate to the market — it said there was “no evidence of customer, supplier or colleague data having been compromised.”

Capita has apparently clarified that such evidence may emerge as the company continues to analyze the incident: “Our investigations have not yet been able to confirm any evidence of customer, supplier or colleague data having been compromised.”

Capita said that once its investigations have concluded, it “will if necessary inform any impacted parties. We have taken all appropriate steps to ensure the robustness of our systems and are confident in our ability to meet our service delivery commitments.”

The company added it was “in constant contact with all relevant regulators and authorities.”

Capita’s share price has dropped more than 11% from a high of £38.64 ($47.97) on Thursday, March 30, the day before the incident was first reported, to £34.04 ($42.26) on Monday morning.

In its full year results published last month, Capita reported £2.8 billion ($3.45 billion) in total revenue. Its public service division brought in £1.4 billion ($1.7 billion) of that.

Capita’s numerous contracts within the British public sector include several with the Ministry of Defence. Last year, a consortium it leads took control over engineering and maintenance support of training simulators for the Royal Navy’s nuclear-powered ballistic missile submarines used as part of the U.K.’s nuclear deterrent.

It is not known to what extent, if any, the criminals have compromised sensitive information relating to these contracts.