Capita data breach: How it affects pension holders & what to do next

Following a cyberattack at Capita in early 2023, hundreds of thousands of pension holders had their data stolen.

Capita is one of the UK’s largest pension scheme administrators. It manages over 450 pensions, with approximately 4.3 million members, so this was a potentially huge data breach. The list of affected schemes has continued to grow since the breach was first reported.

While we might not know the full extent of the Capita data breach, the following pension plans and might* have had data stolen:

• A&H Group
• ABB Pension Plan
• AC Nielsen (UK)
• Ace INA Retirement Savings Plan
• Age UK
• Allen & Overy
• Alstom UK
• Anglian Water
• Angram Bank Primary School
• Archdale School
• Astellas Pharma Ltd
• AT&T Pension
• Atlas Master Trust
• AXA UK Group Pension Scheme
• Aylesford Newsprint
• BAE Systems
• Bank of America
• BMA Staff
• Bradfords
• British American Tobacco
• British Coal Staff Superannuation Scheme
• Caffyns
• Canon Retirement Benefit Scheme
• Capita
• Capita Pension and Life Assurance Scheme
• Castle
• Chubb Pension Trustee
• CNH
• Commerzbank AG
• Commonwealth War Graves Commission
• Conexia
• Conoco Phillips
• Danka Office Imaging
• Department for Work and Pensions (DWP)
• DH & S Plan
• Diageo pension scheme
• Direct Line Group Hybrid
• DOW Service UK
• DXC UK
• EE pension scheme
• EFWU
• Electricity Supply
• Emerson UK Pension Plan
• Environment Agency
• Environment Agency Pension Fund
• Experian
• Firmenich Wellingborough
• First Data / Fiserv
• Flint Ink UK
• G4S
• GXO Logistics Pension Scheme
• Halcrow Number 2
• Hanson Industrial pension scheme
• Heineken
• Heinz Pension Plan
• Horizon
• Ideal Stelrad
• IMS (UK)
• ING UK
• Interpublic
• Isle of Man Local Government Superannuation Scheme
• Iveco Limited Pension Scheme
• JI Case Benefits Plan
• Just Group
• Kelda Group Pension Plan
• Kier Group Pension Scheme
• King Edward VII Hospital (Sister Agnes) Staff
• KLM UK
• Lloyds
• Magnet
• Mannesmann
• Marks & Spencer pension scheme
• Mercer
• Michelin
• Milton Pipes Ltd
• Mineworkers pension scheme
• Morrisons Retirement Save Plan
• National Concessionary Fuel Office
• Neopost
• NHS England
• Nissan pension scheme
• Northern Foods Trust
• Northumbrian Water
• O2
• OCS Group staff pension
• Pearson Pension Plan
• Pension Insurance Corporation
• Pension Protection Fund
• Pfizer Pension Trustees
• Phillips 66
• Plusnet
• Procter & Gamble pension fund
• PWC Pension Fund
• Refinitiv Retirement Plan
• Ricoh
• Rothesay pension scheme
• Royal Mail
• Royal Pharmaceutical Society
• RS Group
• Safeway Pension Scheme
• Scottish and Newcastle Pension Plan
• Scottish Power Pension
• Sedgemoor
• SEI Master Trust (Halliburton)
• Severn Trent Water
• Sheffield South East Trust
• Siemens
• Sopra Steria Retirement Benefits Scheme
• South Oxfordshire District Council
• Southern Housing Group
• Southern Water Pensions
• SP Manweb Group Pension
• Tarmac Pensions Limited
• Teachers
• Tesco pension Trustees Ltd
• Tetley
• The Delta
• The environmental agency
• The Freshwater Group Staff
• The Littlehampton Academy
• The Travel Automation Services Limited Retirement Benefits Scheme
• Threadneedle Pension Plan
• Travis Perkins
• TV Licensing
• UNIAC Pension Scheme
• Unilever UK Pension Fund
• Unipart pension scheme
• United Utilities
• Universities Superannuation Scheme (USS)
• UPM – Kymmene
• Volkswagen Group UK
• Western Power Utilities
• Wier
• William Hill
• Wincanton
• Yorkshire & Clyde Bank pension trust

We’ll keep this list updated as we find out more about the scale of the Capita data breach.

*We cannot guarantee the accuracy of this list. Affected pension plans will contact their members directly to let them know if their data was compromised in the Capita data breach. If you have not received notification of your involvement, it is unlikely that you are affected by this breach.