No news ≠ good news from Capita
Capita are reported in the Times to be estimating the cost of the hack of pension data to be £20m to its shareholders.
In its third stock-market announcement since it revealed it had been hit at the end of March, Capita also reported that some data was taken from “less than 0.1 per cent” of its computer servers, although it did not specify whose information it was.
The two questions that spring to mind are
- Does Capita know what data has been stolen, in which case how does it know the financial consequences?
- Has a ransom been paid to the hackers, enabling Capita to put a financial cost to resolving the problem?
The Times, which has been running this story since it first emerged update us
In recent weeks a sum of money was transferred to the crypto wallet of Black Basta, according to sources that track these payments, such as Chainalysis. Capita has disappeared from the names of the victims listed on the hackers website.
This might suggest that a ransom has been paid, as Alan Chaplin points out.
Herein is the problem, no news is not necessarily good news but can Capita say anything more. For customers, whether those paying Capita’s bills or those whose data is managed by Capita, there is little certainty -little comfort in a stock market update.
No news ≠ good news from the dashboard.
Yesterday also saw an announcement from the Pension Dashboard Program which contained updates on various matters but no news on the substantive decisions that need to be taken before a renewed dashboard timetable can be delivered.
As many business plans depend on the delivery of the dashboard, delays are difficult though expected. We expect an update in July and for that update to include news on who is taking control going forward and when we can reasonably expect to be using dashboards both in the experimental (beta) phase and more importantly as “business as usual”.
No news better than fake news
Managing news is part of the job of big-tech projects – as engaged in by Capita and PDP.
The argument to keep information to the minimum is based on the complex web of non-disclosure agreements and understandings put in place to protect the commercial interests of the commercial parties involved.
The general public are not a party to these agreements though they are generally the counterparty – the people who are the losers when things go wrong.
The victims of further dashboard delays like the victims of data hacks will only find out the cost to them of what has gone wrong, after the event. Many will never associate the non-availability of their pension data in one place with a failure to create a consolidated retirement plan. Many may never know that the source of a hack in one of their accounts resulted from a leak in their pension data.
No news is better than fake news and putting out the wrong information on what has gone wrong is not the answer. But in matters as important as data security and the delivery of consolidated views of all our pensions, the public deserve a proper explanation.
We should keep pushing Capita and Government for answers not just on what has gone wrong but when things will go right!