In this guide, you can find information on the potential steps that could be taken if your personal data has been affected by a Capita data breach.
Capita experienced two incidents; the first was a cyber attack in March and the second was an online security incident that occurred in May the same year. We will provide further information on the two incidents later on in our guide.
There may be some instances where it is possible to make a personal data breach claim provided the relevant eligibility criteria are met. We will also explore this further as we move through our guide.
Additionally, you can find information on data breach compensation payouts, including what they could comprise and how they could be affected.
Finally, this guide will conclude with an overview of No Win No Fee agreements and the ways a solicitor operating under these terms could help.
If you have any questions, please get in touch via the contact methods below:
Jump To A Section
- Capita Data Breach – When Could You Claim Compensation?
- When Did The Capita Data Breaches Occur?
- How Much Compensation Could You Receive For A Data Breach?
- Evidence That Could Be Used In A Data Breach Claim
- Claim For A Data Breach On A No Win No Fee Basis
- Read More About The Capita Data Breach And Compensation Claims
The UK General Data Protection Regulation and the Data Protection Act 2018 outline the responsibilities that parties, known as data controllers and data processors, have in relation to the processing and storing of your personal data. The Information Commissioners Office (ICO) provides a helpful definition on the role these parties have:
- Data controller – These determine the means and purposes for processing personal data.
- Data processors – These act on behalf of the controller.
If either of these parties were to fail to uphold their responsibilities as per data protection legislation and this led to a breach involving your personal data, you could be caused financial damage or emotional harm as a result.
Personal data is any information that can be used to identify you, whether directly or indirectly. It can include your name, email address, banking information and postal address.
The ICO describe a personal data breach as a security breach that results in personal data being lost, destroyed or altered either unlawfully or accidentally, or disclosed or accessed without authorisation.
In order to have an eligible personal data breach claim, you need to meet three criteria:
- The controller or processor responsible for handling the personal data failed to correctly comply with data protection laws.
- As a result of their wrongful conduct, a breach occurred involving your personal data.
- You suffered financial loss, psychological damage, or both as a result of the breach.
If you would like to understand the potential steps that could be taken should you have received notification that your personal data was affected in a Capita data breach, please get in touch with an advisor.
Capita has systems that administer pensions of more than four million savers on behalf of 450 organisations. Let’s take a look at the two breaches that occurred this year.
In March 2023, Capita suffered a cyber attack. This resulted in information, including home addresses and passport images, circulating on the dark web.
Capita has said that only a small number of its computer servers were compromised during the attack. The Universities Superannuation Scheme (USS) pension fund has said they are in the process of writing to all of its members to inform them about their data being at risk. The letter contains information on the personal data that was accessed and includes the person’s title, name, date of birth, National Insurance number, USS member number and retirement date.
Around 90 organisations in total have been impacted by the Capita data breach. Those who have confirmed they’ve been impacted include:
- Royal Mail
- The Ministry of Defence (MOD)
- Local councils, including Coventry City Council and Derby City Council
- The Royal Bank of Scotland
- The NHS
Later, in May 2023, it emerged that Capita had left data unsecured online. A number of councils, including Colchester City Council, believe their personal data was put at risk. Capita has said it is taking steps to recover and secure the data.
How To Check If You Have Been Impacted By A Capita Data Breach
There are several steps you could take to see if your personal data has been involved in a Capita data breach. For example:
- Contact the organisation directly to find out if your personal data has been affected and the steps they plan to take to rectify the situation. You can do this via letter or email. It’s also important to note that the data controller has a responsibility to notify you of a breach that infringes on your rights and freedoms without undue delay.
- Contact the ICO as they may investigate your concerns. They are aware of the incidents and have been contacted by around 90 organisations so far.
If you’ve received a notification confirming you’ve been impacted by the Capita data breach, a compensation claim could be possible. To find out more, contact us on the number at the top of this page.
Following a successful personal data breach claim, compensation could be awarded for the following:
- The financial losses you have experienced as a result of the personal data breach. This is referred to as material damage and can include money stolen from your bank account, or loans that have been taken out in your name due to having your bank details compromised, including your credit and debit card information.
- The psychological harm, referred to as non-material damage, that you have experienced due to the breach of your personal data. This can include mental health problems such as anxiety, depression, stress, distress and, in more severe cases, post-traumatic stress disorder.
In order to accurately value the mental harm you have suffered, solicitors can refer to the guideline award brackets set out in the Judicial College Guidelines (JCG). You can find some of these figures in the table below. However, you should only use them as a guide because settlements can vary.
|Type of Harm||Details||Severity||Guideline Compensation Brackets|
|Psychological Harm||A poor prognosis with the person experiencing marked problems coping with different areas of life.||Severe (a)||£54,830 - £115,730|
|Psychological Harm||The person has a better prognosis than above but there are still significant problems with coping with different areas of life.||Moderately Severe (b)||£19,070 - £54,830|
|Psychological Harm||A good prognosis and a significant improvement.||Moderate (c)||£5,860 - £19,070|
|Psychological Harm||The award given will depend on the length of disability and the extent to which daily activities were affected.||Less Severe (d)||£1,540 - £5,860|
|PTSD||Permanent issues that mean the person can't function at the same level as before the trauma.||Severe (a)||£59,860 - £100,670|
|PTSD||Whilst effects are likely to cause a significant disability for the foreseeable future, the person will have made some recovery after seeking professional help.||Moderately Severe (b)||£23,150 - £59,860|
|PTSD||A large recovery and any ongoing issues are not majorly disabling.||Moderate (c)||£8,180 - £23,150|
|PTSD||Virtually a full recovery within 1 - 2 years. Persisting symptoms are only minor.||Less Severe (d)||£3,950 - £8,180|
For further guidance on data breach claim values please get in touch on the number above. An advisor can provide a free estimate of your potential claim.
There are several types of evidence that could help to support a personal data breach claim, including:
- Any correspondence between you and the organisation.
- A copy of your medical records, such as a report from your doctor or psychotherapist, that shows any emotional harm.
- Proof of any financial losses, such as bank statements and credit reports.
- Letter of notification that shows the involvement of your personal data in a breach.
- Findings from an ICO investigation, if they support your case.
If you are struggling with gathering evidence to support your potential claim, please speak with an advisor. They may be able to connect you with a solicitor who can assist you throughout the claims process, provided you have valid grounds to seek compensation.
To learn more about how a solicitor from our panel could help and whether you’re eligible to work with them, please call an advisor using the number above.
The solicitors from our panel can offer their services on a No Win No Fee basis by offering you a Conditional Fee Agreement. In doing so, they would be able to assist you with your claim without requiring payment for their services upfront, while your case is in progress or if it fails.
If your case is not successful, you will pay a percentage of your compensation to your solicitor. This is known as a success fee. However, the amount your solicitor can take is restricted by the law and they will discuss the fee prior to beginning any work on your case.
For more information, please get in touch with an advisor. They can answer any other questions you might have after reading our guide. To reach them, you can:
For more of our helpful guides:
For more external resources:
- ICO – Make a complaint
- National Cyber Security Centre – How do cyber attacks work?
- GOV.UK – Avoid and report internet scams and phishing
Thank you for reading this guide on the potential steps that could be taken if your personal data was affected by a Capita data breach. A compensation claim could be possible if you’ve been affected. If you have any other questions, please get in touch on the number above.