"The incident was significantly restricted, potentially affecting around 4% of Capita's server estate," reads Capita's statement.
"There is currently some evidence of limited data exfiltration from the small proportion of affected server estate, which might include customer, supplier, or colleague data."
The company will continue its investigation of the cyber-incident and provide timely updates if evidence that shows an impact on customers, suppliers, or colleagues arises.
Alleged BlackBasta ransomware attack
On March 31, 2023, Capita disclosed an IT issue that impacted its services. Three days later, the company announced that the outage was caused by a cyberattack that prevented access to its internal Microsoft Office 365 applications.
At the time, Capita did not provide many details about the nature of the cyberattack. However, its impact was evident in the reduced availability of client systems, including state organizations in the UK.
According to the latest update, the initial unauthorized access to Capita's systems occurred on March 22, 2023, and remained uninterrupted until the firm realized the breach on March 31, 2022.
On April 17, 2023, the Black Basta ransomware gang posted Capita on its extortion portal on the dark web using a private link, threatening to sell stolen data to interested buyers unless the victim paid the ransom.
The data samples Black Basta posted at the time include personal bank account details, physical addresses, passport scans, and other sensitive information.
The company did not provide public comment on the allegations of the Black Basta hackers and has not mentioned anything about ransomware in its recent statement, so the validity of these claims remains unconfirmed.
Capita's entry on Black Basta's extortion site remains private, which might mean that the ransom payment is currently being negotiated.