Posts

UK’s Capita fined £14 million over 2023 cyber breach affecting 6.7 million people

Capita has been fined £14 million ($18.7 million) by the UK Information Commissioner’s Office (ICO) for failing to protect personal data during a 2023 cyberattack that compromised information belonging to 6.7 million individuals, the outsourcing firm said on Wednesday.

The company, which provides services to UK government departments and major corporations, said the fine was part of a settlement with the ICO. Capita had previously estimated that the breach could cost up to £20 million in financial damages.

The ICO report found that Capita failed to maintain adequate network protections, allowing unauthorized access and privilege escalation, and did not respond properly to early security alerts. The regulator said the case underscored the growing pressure on British companies to strengthen cyber defenses following major breaches at Marks & Spencer, Co-op, and Jaguar Land Rover.

“With so many cyber attacks in the headlines, our message is clear: every organization, no matter how large, must take proactive steps to keep people’s data secure,” said John Edwards, the UK’s Information Commissioner.

Capita said it has since introduced advanced cybersecurity measures and completed an internal overhaul of its digital infrastructure. “Following an extended period of dialogue with the ICO, we are pleased to have concluded this matter,” said CEO Adolfo Hernandez.

The firm expects a free cash outflow of £59 million–£79 million in 2025, up from previous guidance of £45 million–£65 million, but noted that all other financial targets remain unchanged.

According to the National Cyber Security Centre (NCSC), the number of “highly significant” cyber incidents in Britain has doubled year-on-year, reflecting growing systemic risks across the public and private sectors.

UK Renews Push for Apple to Open Cloud Access for British User Data

The British government has issued a new order to Apple (AAPL.O) demanding the creation of a backdoor into its iCloud storage service — this time limited to British users’ data, the Financial Times reported on Wednesday.

The move marks the government’s second attempt to gain access to encrypted data stored by Apple, following the company’s appeal earlier this year against a broader order that sought access to both UK and U.S. citizens’ data. The earlier mandate was dropped after U.S. intelligence officials, including Director of National Intelligence Tulsi Gabbard, warned that such access could expose sensitive personal data to cybercriminals and foreign governments.

APPLE MAINTAINS REFUSAL TO CREATE BACKDOOR

Apple reiterated its long-standing position that it will not build a backdoor into its systems, citing user privacy and global security risks. “We have never built a backdoor or master key to any of our products or services — and we never will,” Apple said in a statement on Wednesday.

The company also confirmed that it was forced to withdraw its Advanced Data Protection (ADP) feature for UK users in February due to the government’s demands. The feature, which offers end-to-end encryption for iCloud data, ensures that only the user — not even Apple — can decrypt stored information.

“Apple is still unable to offer Advanced Data Protection in the United Kingdom to new users, and current users will eventually need to disable this feature,” the company said. “ADP protects iCloud data with end-to-end encryption, meaning only the user can access it on trusted devices.”

GOVERNMENT DEFENDS SECURITY ACTIONS

A spokesperson for the UK government declined to confirm the existence of the new order but said:

“We will always take all actions necessary at the domestic level to keep UK citizens safe.”

The latest demand comes under Britain’s Investigatory Powers Act, often called the “Snooper’s Charter,” which allows the government to compel tech firms to provide access to encrypted communications under certain conditions.

Apple’s ongoing appeal against the earlier order is being heard by the Investigatory Powers Tribunal (IPT), the UK’s top court for intelligence-related cases.

The standoff underscores the growing global tension between governments seeking digital surveillance capabilities and technology companies defending encryption as a cornerstone of privacy and cybersecurity.

UK monitors supply chain risks after Jaguar Land Rover cyberattack halts production

The UK government said Friday it is working with Jaguar Land Rover (JLR) to assess the fallout of a cyberattack that has kept the automaker’s factories offline for more than three weeks. JLR, Britain’s largest carmaker, confirmed its plants will remain shut until at least September 24, extending the disruption first triggered in early September when production was halted to contain the breach.

The shutdown has sparked growing concern over the impact on JLR’s extensive supply chain, which supports 104,000 jobs across the country, many of them at small and medium-sized firms. The Unite trade union has warned the stoppage could lead to layoffs if the disruption persists and has called for government intervention to protect workers.

In a joint statement, the government and the Society of Motor Manufacturers and Traders (SMMT) said officials, including national cyber experts, are directly supporting JLR’s recovery efforts and working to evaluate the knock-on effects across the industry.

The incident underscores the vulnerability of major manufacturing operations to cyberattacks and the risks they pose to national supply chains, especially in sectors where thousands of smaller firms depend on the output of a single large manufacturer.