
Capita - Hacked


Comments

  • LHW99
    Mine is TPS / DWP, but as in my post (5 above) no detailed information yet
  • Marcon
    corky23 said:
    Umiamz said:
    USS haven't offered anything other than apologies.
    WOW that's bad!
    They may not know yet how (if at all) their scheme members have been affected, so it's not unreasonable until more information is available.
    Googling on your question might have been both quicker and easier, if you're only after simple facts rather than opinions!  
  • DullGreyGuy
    LHW99 said:
    I have tried to find a list of pensions administered by Capita (or at least those likely involved in the breach) but have not found one via Google. Does anyone know if such a list exists?
    Administered schemes seem to include M&S, some Diageo schemes and some Public service ones, but at the moment available information on which may be at risk is minimal, four weeks on.
    It's a complicated question to answer... Capita administer both pension schemes and annuity insurance. You could find that your pension isn't administered by them but your pension has a buy-in with an insurance company and that insurer is using Capita to manage the buy-in that also contains your personal data (though less than if it had moved to buy-out). You also get insurers buying reinsurance and Capita managing that for the reinsurer.

    In some cases insurers use more than one outsourcer and so some policies may be with one company and others with another, so it's not a blanket that if your pension has a Buy-In with Rothesay that you can definitively say who's managing it.

    Certainly from the insurer perspective it's also possible for Capita to only be providing the bodies and they use the insurer's own system, and so an IT breach of Capita's system wouldn't impact those that don't use their IT systems. Maybe some pension schemes also do this.
  • flaneurs_lobster
    edited 19 May 2023 at 4:23PM
    Marcon said:
    corky23 said:
    Umiamz said:
    USS haven't offered anything other than apologies.
    WOW that's bad!
    They may not know yet how (if at all) their scheme members have been affected, so it's not unreasonable until more information is available.
    Yes, but as a bare minimum they should be advising their members about using the usual internet hygiene precautions in case their personal details have been compromised (change unique email passwords, set up 2FA, check bank account transactions, monitor credit reports etc).

    EDIT : I have a pension under Capita's "care" and I've assumed that they've printed out all my details in 24 point and scattered them to the four winds but then I've had to deal with Capita in the past in a "professional" capacity. 
  • Universidad
    edited 19 May 2023 at 5:08PM
    Umiamz said:
    USS haven't offered anything other than apologies.
    Might be the first time they've offered as much as that.

    However, their website currently states:

    "Members will be given access to a leading identity protection service, free of charge, and we will be contacting them next week (w/c 22 May) to set out how that will work."

    From the phrasing, I wonder if Capita are funding this for all affected schemes to pass on to their membership.

  • frugalfran
    A retired relative has received a letter from his pension fund saying his details have been hacked, and he is incredibly worried having read the Sunday Times article about these details being sold on the dark web etc etc. The advice from the pension fund is very generic - i.e. be careful of unsolicited phone calls, check your bank account.
    They also offered Experian for a year, which he has followed up, he tells us.
    We bank at the same bank and with 3 levels of security (password / username etc) plus a call to his mobile we think it would be difficult to hack his bank account.  Are we correct in thinking that this would be as secure as it was before the hack?
    However, his National Insurance no. was also hacked and he / we have no idea how he would know if this was used in some way, or how he could be checking ....
    In a post above someone mentions 2FA - neither he nor we know what this means...

    Retirees are older, some very old, not internet savvy and are now incredibly worried about their safety given their pension may be their only income and everything they worked all their lives for.

    If anyone can tell us how to help him - and others who find this thread - we would be very grateful.  Please remember that he / we need clear advice on what to do in terms he can understand!  Many thanks in advance.
  • DullGreyGuy
    In a post above someone mentions 2FA - neither he nor we know what this means...
    2FA is two factor authentication... ie 1 factor is username/password, 2nd factor is the telephone call you say he receives, so in some areas he already has 2FA set up even if he didn't know what it was called.

    The main challenge is where 2FA is set up and where it can be used... a bank may use 2FA for its app and website but you can phone them up and just need to be able to answer some security questions like DoB, Address etc

    The other risk is "sim swapping"... someone can try and get his telephone number ported onto a new sim card, thus solving the issue of the 2FA because the security call/text will then come to their phone not his. EG they pretend to be him saying he's lost/damaged the sim and can he have a new one, using the details they have to pass security.  Some say 2FA that doesn't use a sim card is better (eg some use an authentication app). If that isn't possible it's about ensuring you've all the security you can have set up with your phone provider and be very conscious of if your phone suddenly stops working
  • flaneurs_lobster
    I was guilty of mentioning 2FA above. Here's a decent introduction from Which?

    https://computing.which.co.uk/hc/en-gb/articles/360000243980-What-is-two-factor-authentication-and-should-you-use-it-

    There's other good information on that site. 

    Yes, bank accounts are now as secure as they were before* but you have to think that a third party might now have details of that account together with name, address, phone number, email address etc. That might be used to construct convincing (because all the details are correct) email or mail requests for further data, like passwords etc. or to "click on this link to check the status of your data/account" type requests.

    Remember that the bad actors might well use the news of a hack as an "in", offering help or advice after the fact that is actually an attempt to access further data.

    The one piece of advice I have always given when asked is to have your main email account access as secure as you can make it. At the very least make sure that the password is strong and is not used for any other account. And use 2FA if you can.

    You mention Experian, I would assume that your relative has been offered their Identity Plus service. This monitors credit reports and the wider web for any use of an individual's data. I would hope that this would include NI number.

    Above all, never move funds to another account if asked to do so, it is never a legitimate request.  

    * assuming your bank password is different to your pension account password.
  • LHW99
    Also if anyone phones saying they are from your / his bank, never give them any details there and then. Find out the name and department, and phone back using the contact details on the back of your bank card.
    Use a different phone if possible, or wait until you are sure the original caller has come off the line.
  • frugalfran
    Thank you, flaneurs_lobster and LHW99 for the good advice, we will look at everything you suggest, it's a great start to the process, we are very grateful