Have you been affected by the Capita data breach?

The Capita data breach could affect more than half a million pension holders in the UK.

Use our instant eligibility checker to see if you qualify to join the claim.

Start your Capita data breach claim

Find out if you are eligible to claim compensation

No-win, no-fee

100% Guaranteed


Regulated by the SRA

Save time

Quick online registration

Potentially claim

Thousands of £s

Capita Data Breach Explained

In March 2023, Capita, a provider of outsourced pension administration to 450+ UK pension providers, fell victim to a significant data breach, potentially impacting over half a million pension holders, their beneficiaries, and some Capita employees.

If you’ve received confirmation from your pension provider indicating your involvement, you might be eligible to join this claim.

Concerned about your data? The ransomware group Black Basta claimed responsibility for the hack, which targeted Capita’s Microsoft Office 365 software, pilfering personal information like names, birthdates, National Insurance numbers, and possibly sensitive bank details.

KP Law, along with its cyber experts is investigating the breach and its impact. If you’ve been notified of a Capita data breach, join the group action for updates on investigations and a potential no-win, no-fee data breach compensation claim. 

How to sign up for a claim

Join the claim

It is free to sign up for a claim. KP Law operates on a no-win-no-fee basis. The most you will have to pay is a 25% Inc VAT, from the compensation awarded to you.
Kp Law will send you regular updates about the progress of your claim.

Online registration

If eligible, and you want to join the claim, use our online portal to register with KP law. It’s all online, it’s simple and takes only a few minutes.

Check eligibility

Our simple eligibility checker provides instant clarity. Answer a few straightforward questions, and you’ll know if you qualify to join the Capita data breach group action claim.

Check eligibility

Answer a few simple questions online and find out if you have a potential claim.

Online registration

Use our online portal to register to join the claim. It’s all online, it’s simple and takes only a few minutes.

Join the claim

It is free to sign up for a claim. This will be on a no-win no-fee basis, which means you will not have to pay any costs unless compensation is awarded. The most you will have to pay is 25% of the compensation awarded including VAT.

Who is affected by the Capita data

Many pension plans may have had data stolen in the breach, including:

The Universities Superannuation Scheme (USS)

The USS is the biggest private sector pension plan in the UK. Around 470,000 members may have had their detail stolen in the Capita cyber-attack.

Diageo pension scheme

The drinks maker has said that around 32,000 pension members have been affected by the incident.

Marks and Spencer pension scheme

Around 50,000 individuals are thought to be affected.


Capita has told some of its employees that their personal data, including names, addresses and national insurance numbers, were stolen in the data hack.

BAE Systems

Following a detailed investigation, Capita notified the Trustee that, personal details of approximately 8,000 pensioner members with SIPS benefits were included in copies of the data that were taken by the cyber attackers.

Rothesay pension scheme

Around 50,000 individuals are thought to be affected.

Unilever pension scheme

Capita has confirmed that some Unilever member data may have been accessed by the unauthorised third party.

PwC pension scheme

A letter from the trustees of the PwC pension scheme confirms that member data has been exfiltrated.

Your questions answered

FAQs about the Capita data breach

In March 2023, Capita encountered a cyber-attack causing service disruptions for staff, local authorities, and businesses. Initially described as an internal system disruption, it later emerged as a ransomware attack potentially resulting in a data breach.

Investigations point towards Black Basta, a Russian-based ransomware group, as the likely perpetrators. They asserted possession of Capita’s data in a now-deleted online statement. Capita has refrained from commenting on whether they paid the ransom.

The compromised employee data includes dates of birth, marital status, home addresses, salary, email addresses, employment details and employment history. Personal data, including names, dates of birth and National Insurance numbers may have been accessed by hackers. Other valuable information may also have been compromised and we understand financial/bank details were also affected.

On March 31 2023, Capita said:

“Following a technical problem which has affected access to some of our services today, we can confirm that we have identified an IT issue that is primarily impacting our internal systems. We are working to swiftly restore those services that have been affected and will issue a further update in due course.”

On 20 April 2023, Capita provided more information when it posted the following statement on its website:

“On 3 April 2023, Capita plc (“Capita”) announced that it had experienced a cyber incident which primarily impacted access to internal Microsoft Office 365 applications.

“Since the incident, Capita and its technical partners have restored Capita colleagues’ access to Microsoft Office 365. The majority of Capita’s client services were not impacted by the incident and remained in operation, and Capita has now restored virtually all client services that were impacted.

“In parallel with the services restoration activity, Capita has continued to work closely and at speed with specialist advisers and forensic experts in investigating the incident to provide assurance around any potential customer, supplier or colleague data exfiltration.

“From our investigations to date, it appears that the incident arose following initial unauthorised access on or around 22 March and was interrupted by Capita on 31 March. As a result of the interruption, the incident was significantly restricted, potentially affecting around 4% of Capita’s server estate. There is currently some evidence of limited data exfiltration from the small proportion of affected server estate which might include customer, supplier or colleague data.

“Capita continues to work through its forensic investigations and will inform any customers, suppliers or colleagues that are impacted in a timely manner.

“Capita continues to comply with all relevant regulatory obligations.”

Capita should be in touch to notify affected individuals.

Anyone who thinks they might be involved should take immediate steps to protect themselves. 

If you receive notification that you are affected by the Capita pension data breach, join the claim to receive updates on the investigation. KP Law will let you know what’s happening, and if and when you can make a no-win, no-fee data breach compensation claim.  

A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions, multi-claimant, or multi-party actions.

There are no costs to join the claim. However, if your claim is successful, you may have to pay a ‘success fee’. This fee is taken from the compensation awarded to you. At KP Law, their success fee is competitive, they make sure you are fully informed about any potential costs before you officially join the action. If you lose, you won’t have to pay a penny.

KP Law is standing up for you

Our partner law firm for this group action is KP Law who are regulated by the SRA.

The team at KP Law includes some of the most skilled lawyers in England and Wales. Representing individual claimants and group action cases, their experienced multi-claimant legal team has the experience, diligence and means to fight your corner and win.

Never afraid of a fight, KP Law is ready to take on large, deep-pocketed defendants that other law firms shy away from.

Used to winning for clients against well-funded corporations, they have all the resources and expertise necessary to take on complicated cases. This is advantageous when it comes to taking on big corporations in complex multi-claimant and group actions.

Ultimately, they act for clients who deserve to win, and they do everything they can to ensure that they do.

Kind words from KP Law's clients

Why use KP Law to make a claim?

They are one of the most experienced multi-claimant legal firms in England and Wales.

Their legal team represents tens of thousands of workers and consumers across England & Wales.

They act for clients who deserve to win, and they do everything they can to ensure that they do.

They have all the resources and expertise necessary to take on complicated cases and win.

They are never afraid of a fight and are ready to take on large, deep-pocket defendants

From specialist barristers to expert lawyers, they always make sure you get the best possible legal support.

They have offices in Chancery Lane London, Birmingham and Liverpool, and the technology to provide a nationwide service, so they can help clients across England & Wales.

They combine expertise and technology to streamline the legal process and deliver an efficient, hassle-free experience to their clients.

They don't take on a case unless they believe we can win, and they are so confident in this that their clients don't pay a penny unless they succeed.

Join the Capita data breach claim

If you receive notification that you are affected by a Capita data breach – either as a pension holder or a nominated beneficiary – you can register to join the group action.