The ICO has fined Capita £14m ($18.7m), which includes a £6m ($8m) fine against subsidiary CPSL, for its failure to ensure the security of personal data and the resulting infringement of the UK’s data protection rules. The regulator categorized the rule violations as “having a high degree of seriousness” that
Capita fined for cybersecurity failings that led to data breach
Ineffective response to security alerts, inadequate access controls, lack of active directory tiering, and penetration testing shortcomings all cited as factors.