Capita has denied suggestions there is any basis for legal action over last year’s Russia-linked cyber attack, after thousands of pension holders launched legal action over the incident.
Lawyers representing over 5,000 pension holders filed a claim against the outsourcer at the High Court on Friday, the Telegraph reported, in what marks the first litigation since the attack.
A data breach in March leaked personal information and passport images across the web, costing the firm up to £25m and “substantially” impacting its pensions business. Some pensioners were warned that information such as national insurance details may have been stolen.
The attack affected customer data for a slew of renowned brands including M&S, Diageo, Unilever, and Rothesay and hit the firms’ share price over the following months.
In a statement, Capita said: “There is no evidence of any information in circulation, on the dark web or otherwise, resulting from the cyber incident, and no evidence linking Capita data to fraudulent activity.”
“We strongly reject any suggestion that there is any valid basis for bringing a claim against [the firm].”
Barings, the law firm representing the claimants, said it has been receiving up to 50 enquiries about the cyber attack each day, according to the Telegraph. It estimates the case could be worth up to £5m.
Adnan Malik, the Baring’s head of data breach, said: “Our High Court action speaks volumes, echoing the concerns of thousands of distressed individuals.”
The attack has been blamed on Black Basta, a Russian-speaking ransomware gang, which is thought to have attacked more than 329 organisations since its emergence in 2022.
The incident has helped wipe nearly 50 per cent of the company’s share price so far, although Capita has claims it has experienced “minimal impact” from cyber-related incidents.
The firm reported pre-tax losses of £67.9m in its half year results in August, as it announced the financial hit to the business.