Capita Data Breach Exposes Personal Pension Data of Civil Service Scheme Members
A data breach in the Civil Service Pension Scheme portal last week resulted in 138 members either receiving personal Annual Benefit Statements (ABS) belonging to others or having their own data exposed to unintended recipients. The incident, attributed to Capita the scheme’s administrator was detected swiftly, prompting the immediate suspension of ABS functionality and a full investigation.
Capita confirmed that all affected members would be notified via secure message by 9 AM on 3 April 2026, while those unaffected would receive no further correspondence. The firm apologized for the breach and stated that the portal’s ABS request feature remains offline pending fixes to the underlying issue.
The Cabinet Office acknowledged the incident, emphasizing its seriousness despite the limited scope of exposure. A spokesperson stated that the government is collaborating with Capita to assess the breach and implement corrective measures.
The breach adds to ongoing disruptions in the 1.7 million-member scheme, which has faced payment delays and administrative backlogs since Capita took over administration from MyCSP. Fran Heathcote, general secretary of the PCS union, criticized the incident as another blow to members’ confidence, reinforcing calls for insourcing pension administration.
Capita has pledged to restore normal service levels by the end of June, with plans to enhance the portal and introduce a mobile app for improved accessibility. The breach underscores persistent challenges in the scheme’s transition to private administration.
Source: https://www.civilserviceworld.com/news/article/civil-service-pension-scheme-data-breach
Civil cybersecurity rating report: https://www.rankiteo.com/company/civil
"id": "CIV1775575419",
"linkid": "civil",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '138 members of the Civil '
'Service Pension Scheme',
'industry': 'Pension Administration',
'name': 'Capita',
'type': 'Service Provider'},
{'customers_affected': '138 members',
'industry': 'Public Sector Pensions',
'name': 'Civil Service Pension Scheme',
'size': '1.7 million members',
'type': 'Pension Scheme'}],
'customer_advisories': 'Affected members notified via secure message; '
'portal’s ABS request feature remains offline',
'data_breach': {'number_of_records_exposed': '138',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personal pension data)',
'type_of_data_compromised': 'Personal Annual Benefit '
'Statements (ABS)'},
'date_detected': '2026-03-27',
'date_publicly_disclosed': '2026-04-03',
'description': 'A data breach in the Civil Service Pension Scheme portal last '
'week resulted in 138 members either receiving personal Annual '
'Benefit Statements (ABS) belonging to others or having their '
'own data exposed to unintended recipients. The incident, '
'attributed to Capita, the scheme’s administrator, was '
'detected swiftly, prompting the immediate suspension of ABS '
'functionality and a full investigation.',
'impact': {'brand_reputation_impact': 'Erosion of members’ confidence in the '
'scheme',
'data_compromised': 'Personal Annual Benefit Statements (ABS) of '
'138 members',
'downtime': 'ABS functionality suspended',
'identity_theft_risk': 'Potential risk due to exposure of personal '
'pension data',
'operational_impact': 'Portal’s ABS request feature offline '
'pending fixes',
'systems_affected': 'Civil Service Pension Scheme portal'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Persistent challenges in the scheme’s transition to '
'private administration; need for enhanced security '
'measures in pension portals',
'post_incident_analysis': {'corrective_actions': 'Fixes to the ABS request '
'feature, enhanced portal '
'security, and plans to '
'restore normal service '
'levels by end of June 2026',
'root_causes': 'Underlying issue in the ABS '
'request feature of the portal'},
'recommendations': 'Enhance portal security, introduce a mobile app for '
'improved accessibility, and consider insourcing pension '
'administration to restore confidence',
'references': [{'source': 'Cabinet Office Statement'},
{'source': 'PCS Union Statement (Fran Heathcote)'}],
'response': {'communication_strategy': 'Affected members notified via secure '
'message by 9 AM on 3 April 2026; '
'unaffected members to receive no '
'further correspondence',
'containment_measures': 'Immediate suspension of ABS '
'functionality',
'incident_response_plan_activated': 'Yes',
'recovery_measures': 'Portal’s ABS request feature remains '
'offline pending fixes; plans to restore '
'normal service levels by end of June 2026',
'remediation_measures': 'Investigation and fixes to the '
'underlying issue'},
'stakeholder_advisories': 'Government collaborating with Capita to assess the '
'breach and implement corrective measures',
'title': 'Capita Data Breach Exposes Personal Pension Data of Civil Service '
'Scheme Members',
'type': 'Data Breach'}