Capita's privacy fine appropriate for 'egregious’ failings, UK watchdog says

By Patricia Figueiredo ( October 15, 2025, 08:37 GMT | Insight) -- Outsourcing and professional services company Capita has been fined £14 million for long-term data protection failings that left more than 6.6 million people’s information exposed in a 2023 ransomware attack. The UK Information Commissioner’s Office found the group ignored repeated warnings about security weaknesses and took 58 hours — instead of 60 minutes — to act on a high-risk alert.Outsourcing group Capita has drawn a fine for what the UK data protection watchdog called an “egregious” security failure that exposed the personal data of more than 6.6 million people in a 2023 cyberattack....

Prepare for tomorrow’s regulatory change, today

MLex identifies risk to business wherever it emerges, with specialist reporters across the globe providing exclusive news and deep-dive analysis on the proposals, probes, enforcement actions and rulings that matter to your organization and clients, now and in the longer term.

Know what others in the room don’t, with features including:

Daily newsletters for Antitrust, M&A, Trade, Data Privacy & Security, Technology, AI and more
Custom alerts on specific filters including geographies, industries, topics and companies to suit your practice needs
Predictive analysis from expert journalists across North America, the UK and Europe, Latin America and Asia-Pacific
Curated case files bringing together news, analysis and source documents in a single timeline

Experience MLex today with a 14-day free trial.

Start Free Trial

Already a subscriber? Click here to login

Capita's privacy fine appropriate for 'egregious’ failings, UK watchdog says

Prepare for tomorrow’s regulatory change, today

Related Sections