UNISON urges pensions regulator to press for stronger data safety

Move comes after outsourcing firm Capita was hacked, affecting information entrusted to it by hundreds of pension schemes

Cyber security data protection business technology privacy concept. 3d illustration.Data breach

UNISON has written to the pensions regulator to press for stronger protections to ensure that members’ pensions are safe, after outsourcing firm Capita experienced hacking attacks in March and May this year.

Among the data that has been compromised is information entrusted to Capita by some 450 pension schemes.

UNISON members are in some of the schemes and funds affected, including the Environment Agency Pension Fund (EAPF), Natural Resources Wales, the Universities Superannuation Scheme (USS) and some local government pension funds. Capita has stated that its own pension scheme data has also been compromised, affecting its own employees.

More information about the extent of the data breach is emerging. UNISON members who are active members of the EAPF have received a letter from the company alerting them that the data concerned includes name, address, email address, date of birth, national insurance number, salary, employment details and history, pension amounts and history, and expression of wish details.

Capita has appointed an expert to monitor the web to check if the compromised data has been published. It is also offering affected members of the EAPF and USS schemes an Experian identity theft protection service.

Where this is available to members, they should be encouraged to take up the offer.

UNISON is clear that it is the responsibility of Capita and the pension funds that have entrusted the company with members’ data to mitigate against the risks resulting from this failure to keep data safe.

The union is urging pension funds to keep engaging with Capita and to press them for more information, while also contacting the Information Commissioner’s Office to call on it to pursue an investigation into the cause and risks of the data breach.