You may have seen in recent media coverage that Capita has experienced a cyber-attack incident involving the theft of personal data affecting several pension schemes and clients of Capita (including those such as the Experian Retirement Savings Plan or ERSP where the relationship with Capita has been terminated but legacy data continues to be held by Capita for regulatory or legal requirements).

You may recall that the ERSP was replaced by the Experian Pensions Savings Plan (EPSP) section of the L&G Mastertrust in September 2021, and accrued retirement savings for ERSP members were subsequently transferred to the EPSP in February 2022.

On 16 June 2023, Capita reported to us that files containing personal data belonging to some former ERSP members who had taken an ‘Uncrystallised Funds Pension Lump Sum (UFPLS)’ under the ERSP prior to the transfer to the EPSP, had unfortunately been affected by this incident. Capita were unable to confirm at that time which members had been impacted until their investigations were completed.

Capita have now confirmed that 182 former ERSP members were impacted by the incident and we have now written each impacted member with information about the support being provided by Capita, mitigating actions and guidance on staying safe online. The Trustees of the L&G Mastertrust have also been alerted and asked to be extra vigilant to ID fraud attempts.

Data security is of the utmost importance to us and we continue to work diligently with our pension providers to ensure that all reasonable steps are taken to safeguard against the possibility of future data breaches.

In the meantime, we would encourage any former members of the ERSP to follow the guidance in the Annex below about the steps you can take to protect yourself against fraud and scams.

Experian Retirement Savings Trustees Limited

(The Trustee of the Experian Retirement Savings Plan)

ANNEX

What can I do to stay safe online?

If you do receive any suspicious messages or calls, please do not hand over any information such as your bank account details. Instead, hang up, or delete any worrying texts or emails.  The FCA has some useful information on how to spot the warning signs of financial scams at https://www.fca.org.uk/consumers/protect-yourself-scams

The National Cyber Security Centre provides guidance for individuals and families affected by data breaches at: https://www.ncsc.gov.uk/guidance/data-breaches

Cyber criminals commonly use a scam technique called “phishing”, which is mostly email-based but can also be via telephone calls, to lure victims under false pretences to websites which look legitimate to get them to provide information including bank account and credit card details. These emails/phone calls appear to be from recognisable sources such as banks but actually link to fraudulent websites. Accordingly, we would suggest taking the following steps to help reduce the risk of falling foul of these phishing attempts:

• Protect your email with a strong password (tip: use 3 random words to create a single password that’s difficult to crack).
• Do not share your password with anyone.
• Install the latest security updates to your browser software and personal computing devices.
• If in doubt, do not open emails from senders you do not recognise.
• Check links look correct before you click on them.
• Be suspicious of anyone who asks for your bank account or credit card details.
• If the email contains spelling mistakes, this can be a sign that this is a phishing scam. Do not open the email or attachments.
• If you think you have been affected by a scam, report it to Action Fraud https://www.actionfraud.police.uk/

The Information Commissioner’s Office is the UK's independent body set up to uphold information rights. Its website is a good source of more information about how to protect your personal data online when using computers and other devices: https://ico.org.uk/for-the-public/online.