The Pensions Regulator has written to trustees responsible for funds that use Capita as an administrator, asking them to assess whether their scheme’s data is at risk.
The hack, which occurred in March, resulted in Capita data being circulated on the dark web. The data includes sensitive information such as home addresses and passport images, which can be used for identity theft and other malicious activities.
Capita’s systems administer pensions of more than four million savers on behalf of 450 organizations, including Royal Mail and Axa. Given the magnitude of the breach, it is vital that pension funds take immediate steps to ensure the safety and security of their clients’ data.
The Pensions Regulator’s letter to pension funds employing Capita as an administrator has urged them to determine whether there is a risk to their scheme’s data and establish whether they are in touch with the company.
The regulator has stressed that it takes IT security and the risk of cyber attacks extremely seriously.
Capita has stated that only a small number of its computer servers were compromised during the cyberattack. In a statement, it added that it has been in regular contact with authorities since the hack and will update them on the investigation as it progresses.
Capita is not only a leading pension adviser in the UK, but it is also one of the government’s biggest suppliers, providing IT services to various government agencies, including running the London congestion charging zone, collecting the BBC licence fee, and overseeing training for the Royal Navy.
The scale of its operations means that the impact of a data breach could be severe.