Capita Fined £14m Over 2023 Data Breach Failings, Remediated
🔒 The Information Commissioner’s Office (ICO) confirmed Capita will not appeal a £14m penalty for security failings that led to a March 2023 breach affecting nearly seven million people. The fine was reduced from an initial £45m after the ICO considered post-incident remediation, support to affected individuals and engagement with the NCSC. The regulator cited delayed SOC response, absence of a tiered privileged-access model and siloed pen testing that allowed a threat actor linked to Black Basta to escalate privileges and deploy ransomware.
