BeyondtheVote
Sign in

Committee publication · Correspondence · 15 April 2026

Letter from the CEO of Capita Public Services relating to the Administration of the Civil Service Pensions Scheme, 8 April 2026

From: Public Accounts Committee

Inquiry: Civil service pensions

Summary

Capita's CEO reports to the PAC on a data breach affecting the Civil Service Pensions Scheme member portal on 30 March 2026. For 35 minutes, 138 members either received other members' Annual Benefit Statements or had their own data viewed by others. Capita suspended the portal, notified affected members by 3 April, and is conducting a technical investigation. ABS request functionality remains offline pending resolution.

Key findings

  • A 35-minute data exposure event on 30 March 2026 affected 138 CSPS members accessing the member portal
  • Affected members either received personal ABS data belonging to other members or had their data viewed by other members
  • All exposed individuals were authenticated portal users who had logged in with their credentials
  • Capita notified the Cabinet Office immediately, suspended ABS functionality, and individually contacted all affected members by 09:00 on 3 April
  • The underlying cause relates to the data interface established between MyCSP data, Capita's Hartlink platform, and the new CSPS portal; root cause investigation ongoing

Tone

Procedural

Topics

data-protectioncybersecuritypublic-pensionsgovernment-contracts

Key actors

Richard Holroyd, CEO Capita Public Services, Capita Public Services, Sir Geoffrey Clifton Brown MP, PAC Chair, Cabinet Office, MyCSP, Civil Service Pensions Scheme

Notable line

… for 35 minutes on 30 March an issue occurred on the member portal which resulted in 138 members either receiving personal ABS data belonging to other members and/or having their ABS data seen by other members

Key Quotes

… for 35 minutes on 30 March an issue occurred on the member portal which resulted in 138 members either receiving personal ABS data belonging to other members and/or having their ABS data seen by other members
Richard Holroyd, CEO Capita Public Services · describing the scope of the data exposure
The issue was identified quickly. In response, Capita notified the Cabinet Office, suspended ABS functionality on the portal and began a full technical investigation.
Richard Holroyd, CEO Capita Public Services · outlining Capita's response to the breach
Capita takes the protection of personal data extremely seriously, and we are taking all necessary steps to ensure this does not recur.
Richard Holroyd, CEO Capita Public Services · statement on data protection commitment
View original document →

Source · parliament.uk record ↗

Letter from the CEO of Capita Public Services relating to the Administration of the Civil Service Pensions Scheme, 8 April 2026 | Beyond The Vote | Beyond The Vote