USS warns members’ data may have been stolen by Capita hackers

Members of the UK’s largest academic pension scheme have been warned that their personal details may have been stolen during a cyberattack.

Up to 470,000 members of the Universities Superannuation Scheme (USS) could be affected by the breach after hackers targeted the computer servers of outsourcing firm Capita, whose services were used by the USS.

Capita’s technology platform Hartlink is used by the USS’ in-house pension administration processes, a statement said.

The USS had been “liaising closely with the company over the course of its forensic investigations” since the incident was first reported.

“While it has been confirmed that USS member data held on Hartlink has not been compromised, we were informed on Thursday 11 May that regrettably details of USS members were held on the Capita servers accessed by the hackers,” the statement continued.

The details potentially include information such as individuals’ names, dates of birth, National Insurance numbers and USS member numbers. Files date from early 2021 and cover active, deferred and retired members.

The USS said Capita had not definitively confirmed whether the data had been accessed or copied by the hackers, but it recommended that members operate on the assumption that it had been.

All members affected will be written too as soon as possible once the USS receives receipt of the specific data from Capita, the statement said.

“We are very sorry that some USS member data held by Capita may have been accessed by a third party,” said Bill Galvin, the USS’ group chief executive.

“Data privacy and security is a top priority for us, and we know our members will be concerned by this news.

“Having been told yesterday (11 May) that Capita could not guarantee the security of certain files, we’ve moved urgently to inform our members. We have given them guidance on the risks this might have created and how they might respond.

“We are very confident members’ pensions remain secure. We have reviewed our own systems and controls to ensure they remain robust. We continue to engage with Capita and will provide more information on the status of the potentially compromised data immediately it becomes available.”

tom.williams@timeshighereducation.com