Share this article on:
Following its major IT outage that affected major clients such as the UK military and the National Health Service, Capita has announced that a confirmed cyber attack was to blame.
The company, which is a third-party operator that runs £6.5 billion (just under $12 billion) in operations for the public sector, said that it had found that the outage that it had been suffering from since last week was caused by a cyber attack.
The outage, which prevented the use of programs from the Office 365 suite such as email, Teams and Excel, raised major concerns within the UK government, which believed that agencies such as the NHS could have had their data compromised.
Prior to today, Capita neither confirmed nor denied whether a cyber attack was to blame for the outage. It has since released an update via its website that outlines the incident.
“On Friday 31st March, Capita plc (‘Capita’) experienced a cyber incident primarily impacting access to internal Microsoft Office 365 applications. This caused disruption to some services provided to individual clients, though the majority of our client services remained in operation,” it said in a release on the company website.
“Our IT security monitoring capabilities swiftly alerted us to the incident, and we quickly invoked our established and practised technical crisis management protocols.
“Immediate steps were taken to successfully isolate and contain the issue. The issue was limited to parts of the Capita network, and there is no evidence of customer, supplier or colleague data having been compromised.”
The Capita breach is yet another example of supply chain attacks threatening a number of organisations and critical infrastructure, following closely behind the GoAnywhere breach that reportedly affected 130 companies, including Meriton and Rio Tinto.
In Australia, supply chain attacks are on the rise, according to vice-president for Asia-Pacific and Japan for BlueVoyant, Sumit Bansal.
“We have been hit with a series of supply breaches over the past few weeks with Latitude Financial and The Good Guys, and it’s a reminder that these companies are not the only ones to be negatively impacted by a breach related to a third party, and most likely will not be the last,” Bansal said.
Bansal said that organisations should screen third-party providers and establish multi-layered security defences that make it more difficult for threat actors to access internal systems.
Capita is yet to say which customers were affected in the attack.