The largest administrator of private defined benefit and defined contribution pension plans in the U.K. is revealing details about a cyber attack that compromised the personal information of 470,000 of its members.
In a press release, the £82.2-billion Universities Superannuation Scheme said its members’ data was held by external servers that were infiltrated by cyber criminals. The servers were operated by Capita, a business process outsourcing firm contracted by the USS to provide pension administration software.
Read: Phishing and ransomware risks on the rise for pension funds, says expert
“Capita has confirmed it has taken extensive steps to recover and secure the data, as well as monitoring the dark web to confirm that data compromised as a result of this incident is not circulating more widely,” said a press release from the USS.
The pension scheme added it doesn’t believe the hack has compromised members’ pensions. “Having reviewed our own systems and controls to ensure they remain robust, we are very confident members’ pensions remain secure.”
The information accessed by the cyber attack includes members’ titles, names, dates of birth, national insurance numbers, pension numbers and retirement dates. The USS said it will be provide its members with access to an identity threat monitoring software.
Read: 2022 IIC coverage: Protecting technology infrastructure critical for institutional investors