ICO £14m penalty against Capita over 2023 breach
Regulatory/Legal Action
Summary
Capita will not appeal a £14m penalty imposed by the ICO over security failings tied to a 2023 data breach that affected nearly seven million people. The enforcement action matters because the regulator said the breach exposed pension, staff and customer data after Black Basta-linked ransomware activity. The fine was cut from an intended £45m after post-attack improvements and support to affected individuals were considered.
Related Happenings
ICO fine against South Staffordshire Water for data breach
Regulatory/Legal Action
First: 12.05.2026 11:30
Last: 12.05.2026 11:30
Sources 1
About this happening:
The **ICO** finalized a **nearly £1m** penalty against **South Staffordshire Water** and **South Staffordshire PLC**, resolving a cyber enforcement action tied to a breach that ex...
ICO fines Police Scotland over phone data disclosure
Regulatory/Legal Action
First: 12.03.2026 12:30
Last: 12.03.2026 12:30
Sources 1
About this happening:
**The ICO** fined **Police Scotland** **£66,000** and reprimanded the force for a **data protection failure** that exposed a female officer’s phone contents to a colleague she acc...
UK Information Commissioner’s Office (ICO) issued a fine for GDPR non-compliance over failure to use robust age verification and conduct a DPIA for children’s data
Regulatory/Legal Action
First: 25.02.2026 11:40
Last: 25.02.2026 11:40
Sources 1
About this happening:
The **ICO** fined **Reddit** **£14.47m ($19.6m)** for **GDPR non-compliance**, escalating child-data enforcement risk for online platforms that can be reached by **under-13 users*...
Ireland DPC opens GDPR investigation into X Grok sexual image generation
Regulatory/Legal Action
First: 17.02.2026 12:02
Last: 17.02.2026 12:02
Sources 1
About this happening:
Ireland's **Data Protection Commission (DPC)** opened a formal investigation into **X** over **Grok** being used to generate **non-consensual sexual images** of real people, inclu...
DXS International hit by cyberattack
Incident
First: 22.12.2025 13:15
Last: 22.12.2025 13:15
Sources 1
About this happening:
**DXS International** confirmed a **cyber-attack** that hit **its office servers**, creating a localized operational disruption for the **UK-based NHS supplier** while **front-lin...
Timeline
- 15.10.2025 12:00 3 articles · 7mo ago
ICO £14m penalty against Capita over 2023 breach
Initial Disclosure: In **March 2023**, an employee at **Capita** downloaded malware after being targeted by a threat actor working with **Black Basta**. The device remained unquarantined for **58 hours**, creating room for privilege escalation and lateral movement.
Sources:
- Capita Fined £14m After 2023 Breach that Hit 6.6 Million People — www.infosecurity-magazine.com — 15.10.2025 12:00
- Capita Fined £14m After 2023 Breach that Hit 6.6 Million People — www.infosecurity-magazine.com — 15.10.2025 12:00
- Capita to pay £14 million for data breach impacting 6.6 million people — www.bleepingcomputer.com — 15.10.2025 23:53