USS response to potential data breach
12 May 2023
The Universities Superannuation Scheme (USS), one of UCL’s pension schemes, has informed us of a potential data breach following a cyber incident at Capita.
USS uses Capita’s technology platform as part of its administration processes. Capita has reported a cyber incident involving hackers targeting some of its servers, which means that details held on their servers may have been accessed, including the personal data of USS members.
The information potentially accessed includes title, initial(s), name; date of birth; National Insurance number and USS member number. USS have said that they are confident members’ pensions remain secure and that My USS login information has not been compromised. They have reviewed their own systems and controls to ensure they remain robust.
We have been informed by USS that they will be writing to members shortly to make them aware, to apologise and to provide ongoing support and advice.
We recognise this may be worrying for you. We are sharing guidance and the information that has been communicated to us by USS and will continue to keep you updated as we know more.
USS has published information on their website about the Capita cyber incident and its potential impact, which we recommend you read. This contains a set of Q&As to address immediate questions.
If you have any questions, we recommend that you go to the USS website in the first instance, or contact mydata@uss.co.uk.
Advice on cyber security and spotting scams
We would encourage staff to always be aware of good practice for their personal security and of preventative action for scams. The National Cyber Security Centre, the National Fraud & Cyber Crime Reporting Centre, the Metropolitan Police and the Information Commissioner’s Office (ICO) all provide useful guidance and resources around this.
USS has also published some information around how to spot scams and encourages members to only ever give out personal information if they are absolutely sure that they know who they are communicating with. They advise:
If you receive a suspicious email, you should forward it to report@phishing.gov.uk. For text messages and telephone calls, forward the information to 7726 (free of charge). For items via post, contact the business concerned.
If there are any changes to your National Insurance information, HM Revenue & Customs would contact you – but you can also phone them on 0300 200 3500 if you notice anything suspicious.
If you are concerned someone might be impersonating USS, please let us know by emailing mydata@uss.co.uk.
Accessing support
We recognise that this news may cause worry for some of our staff who are USS members, and UCL offers free and confidential, 24/7 wellbeing support by phone, WhatsApp or Live Chat on 0808 196 5808, or further resources on our wellbeing pages.
We are in contact with USS and will continue to keep you updated with further information as we know more.