It is too easy to forget that hackers destroy more than just the security of the people whose data they steal and use for nefarious purpose. Behind the Capita story are the people who work at Capita who have to read about the company they work for, the jobs they do as objects of derision and even hate. Often it is not the digital stories but the comments made on those stories that are most hurtful. This blog sets out to give some support to those caught in the crossfire.
It’s prompted by a call from a senior officer at Capita’s pension department who reminded me for a second time, that many of its staff are working weekends identifying who and what has been hacked. It is not their fault that the hack occurred nor is it their fault that it has taken so long to get to this point, clearly there are weaknesses in the disaster recovery program which Capita will address. Capita have put an estimate out of the cost of the hack to shareholders which looks “low-ball” to me, but the impact on the shareholder is not the subject of this blog.
I’m writing this for the staff at Capita who will be feeling pretty low. It is hard to get out of bed and go to work knowing that your work has been compromised and that somehow this is being deemed “your fault”.
It is fairly clear that Capita was hacked because it was the obvious target, the biggest administrator, the administrator whose data was most valuable – perhaps a trophy.
I have seen examples of such attacks elsewhere and seen first hand the damage they do to people involved. My sympathy goes out to all those involved in the redress.
I understand that the task is Herculean, Capita manages pension data for 2.5m people – there is no easy way of telling who has been hacked, this process of investigation has a long way to run and the problem is not solved for its sizing.
If there is consolation , it is the knowledge that all things past and that doesn’t kill you makes you stronger. Truisms may sound like platitudes when you are in the thick of it, but they are true all the same.
Pension administrators and those who design and maintain the systems on which data run are not given much credit at the best of times. At the worst of times (and these are the worst for those at Capita) it must seem a task that gets no thanks – only brickbats.
But without pension administrators there would be chaos, as the mug says, you solve problems most of us don’t know we have. Thanks to you , and thanks for those at Capita for whom, I hope , these words will provide a little relief!
Henry: my job is in CyberSecurity, and believe you me I have had plenty of experience in dealing with data breaches, our own and others. Third-party compromise is one of the most difficult areas to deal with because those
impacted have (often) no idea their data is (metaphorically) swinging in the wind
and are therefore often unprepared for associated scams. The criticism I would
make here is not of the main Capita staff but of those (or their agents) who first tried to handle the breach. They clearly attempted to hush up the whole affair and had it not been for various regulators and (I would guess) a couple of internal whistleblowers (FT and Times sources) they might have succeeded. I have therefore some sympathy for most of their staff but NONE whatsoever for those of their management involved, for obvious reasons.