Capita, the multinational consulting, transformation and digital services firm, is facing a clean-up bill of up to £20m following a suspected ransomware incident in late March.

The company said in a corporate update that it had identified that hackers managed to ‘exfiltrate’ some data, but that it amounted to less than 0.1 per cent of its server estate.

Aided by third-party suppliers, the firm has carried out forensic analysis of the attack, which is thought to have been the work of Russia-linked ransomware hackers Black Basta.

Images circulating on the gang’s dark web site in the aftermath of the incident showed copies of scanned passport documents reportedly belonging to the company.

The ‘unauthorised intrusion’ was restricted by IT staff but will cost in the region of £15m to £20m to fix, the firm said, despite work undertaken to ‘remediate’ the effects of the incident.

“Capita is working closely with all appropriate regulatory authorities and with customers, suppliers and colleagues to notify those affected and take any remaining necessary steps to address the incident,” the company said.

“Capita expects to incur exceptional costs of approximately £15m to £20m associated with the cyber incident, comprising specialist professional fees, recovery and remediation costs and investment to reinforce Capita’s cyber security environment. Capita has also taken further steps to ensure the integrity, safety and security of its IT infrastructure to underpin its ongoing client service commitments.”

Capita had run the Scottish Wide Area Network (SWAN) since 2014, until BT was awarded the contract last month following a competitive tender process.

The company said in its update that ‘underlying trading performance remains in line with expectations’, with adjusted group revenue up 4.8 per cent in the first four months of 2023 compared to last year.