Capita reaches ICO settlement on cyber incident

By Iain Gilbert

Date: Wednesday 15 Oct 2025

(Sharecast News) - Business process outsourcing firm Capita has reached a settlement with the Information Commissioner's Office over a March 2023 cyber attack, resulting in a £14m penalty.
Capita said on Wednesday that it was "committed" to upholding the security of its data and the protection of its systems for clients and their customers, stating it regretted the incident and that all those identified as being potentially impacted were contacted after the attack.

The FTSE 250-listed firm now expects free cash outflow, excluding business exits, to land between £59m and £79m, reflecting the impact of the £14m penalty, with previous guidance of £45m to £65m remaining unchanged aside from the adjustment.

Capita added that it continues to anticipate being cash positive from the end of 2025, with full-year guidance and medium-term targets reaffirmed.

Chief executive Adolfo Hernandez said: "When I joined as CEO the year after the attack, I accelerated our cybersecurity transformation, with new digital and technology leadership and significant investment. As a result, we have hugely strengthened our cybersecurity posture, built in advanced protections and embedded a culture of continuous vigilance.

"Following an extended period of dialogue with the ICO over the last two years, we are pleased to have concluded this matter and reach today's settlement."







Reporting by Iain Gilbert at Sharecast.com

« Go back to news channel

Email this article to a friend

or share it with one of these popular networks:

• DIGG
• FACEBOOK
• STUMBLEUPON
• MIXX
• YAHOO BUZZ
• DELICIOUS
• REDDIT
• NEWSVINE