Capita data breach

University Secretary Jennifer Sewell writes to staff informing them of a data breach impacting the Universities Superannuation Scheme (USS)

Dear Colleagues,

I am writing to you because we have today been informed by the Universities Superannuation Scheme (USS) of a data breach, which may affect members of the USS pension scheme.

The USS is a pension scheme for universities and Higher Education institutions across the UK and this data breach may potentially affect all USS members not just those based at the University of Leeds.

If you are a member of the USS pensions scheme, USS will be contacting you by email to make you aware of the breach and what to do if you have any questions. Due to the volume of members being contacted it is expected that this process will take some time to complete.

The University’s internal Pension Scheme (PAS) has no ties to Capita and is not impacted.

The breach

This morning the University was informed that USS member data held on Capita servers was accessed by hackers.

The data includes:

· Title, initial(s), and name; date of birth; National Insurance number; USS member number

The details, dating from early 2021, cover around 470,000 active, deferred and retired members. The Information Commissioner’s Office has been advised by USS.

Capita cannot confirm if USS member data was accessed and/or copied; they have recommended that USS operates under the assumption that it has. USS will be publishing an update and a set of Q&As, available via its homepage, that should address any immediate questions. USS also has a page dedicated to how to spot scams. The USS data team can also be contacted by email ( should individuals have questions not covered by the links above. Please do not contact the University Pensions team in relation to this as all enquiries must be directed to USS. We will keep staff informed as to related updates we receive from USS.

Please be alert to suspicious messages which may be sent as news of this breach is made public. A reputable organisation will never quote your date of birth or national insurance number to you. The UK National Cyber Security Centre provides advice about what to do in this situation on their website.

We would like to take this opportunity to provide reassurance that there is no indication that University systems have been breached.

With best wishes,

Jennifer Sewel

University Secretary

Posted in: