Better Health for All

Capita PLC was fined £14 million under UK GDPR in October 2025

, following a cyber-attack in March 2023 . This breach resulted in the access of personal data belonging to 6.6 million individuals , including health records and potentially data from the U.K.’s National Health Service (NHS) . An unprotected Amazon-hosted storage bucket was exposed online for seven years , containing approximately 3,000 files totaling 655GB , which included login details for one of Capita’s systems . The company took 58 hours to quarantine the affected device after a high-priority security alert , significantly exceeding its internal target response time of one hour . Prior to the breach, penetration tests had highlighted security gaps on at least three occasions , which Capita did not address, reportedly deciding to accept the risk . The company also lacks a responsible disclosure program or a dedicated security contact . The breach compromised details on how to access the homes of 890 individuals receiving at-home care , and impacted systems used by healthcare professionals . Capita provides business process services, including contact center support to local councils dealing with vulnerable clients . Internally, the company has a multi-disciplinary support process called SafetyNet for colleagues dealing with complex HR cases involving safeguarding, health, wellbeing, or vulnerability issues . It also has ongoing projects aimed at educating colleagues about suicide and protecting them from harm , and works to increase awareness about suicide prevention among colleagues, Senior Executives, and the Board .

Fair Money & Economic Opportunity

The provided articles do not contain specific, quantifiable evidence to assess Capita PLC against the 'Fair Money & Economic Opportunity' value. Capita's business primarily involves consulting, digital services, and business process outsourcing for public and private sector organizations, rather than direct consumer financial services like lending or deposit products. Therefore, KPIs related to consumer-facing financial products, pricing, inclusion initiatives, wealth-building outcomes, or debt burden ratios are not applicable or evidenced. While a data breach occurred, leading to a regulatory fine

and the provision of credit monitoring , this relates to data security and remediation, not fair lending practices or proactive financial inclusion as defined by the rubric.

Honest & Fair Business

Capita was fined £14 million (approximately $17.7 million USD) on October 15, 2025, for data protection failings related to a cyber-attack that occurred in March 2023.

This final penalty was reduced from an initial proposed fine of £45 million. The cyber-attack led to the theft of personal information belonging to 6.6 million people, with nearly one terabyte of data exfiltrated. Although a high-priority security alert was raised within ten minutes of the breach, Capita took 58 hours to respond appropriately, against a target response time of one hour. The company offered 12 months of credit monitoring to affected customers, which over 260,000 people activated. The Information Commissioner's Office (ICO) received at least 93 complaints regarding this incident.

Kind to Animals

Capita PLC is a consulting, transformation, and digital services business, primarily delivering digital and software solutions.

Its service-oriented business model means it does not produce physical goods requiring cruelty-free certification, engage in animal testing, operate animal husbandry, source animal products, or conduct R&D relevant to animal-free alternatives. Consequently, all KPIs related to animal welfare, testing, and product sourcing are not applicable to its operations.

No War, No Weapons

Capita has contracts with the Ministry of Defence (MoD), including an Army Recruitment contract, which were subject to investigation by the Public Accounts Committee.

However, the provided articles do not contain specific quantitative data points, such as the percentage of revenue from these contracts, the scope of dual-use technology, or any other metrics required by the rubric to assess performance against the defined KPIs.

Planet-Friendly Business

Capita PLC has set science-based carbon emissions reduction targets for energy use, business travel, and its supply chain, aligned with global ambitions to limit warming to 1.5°C.

The company aims for overall Net Zero by 2035. , with interim goals of operational net zero by 2025 and operational and business travel net zero by 2030. It is committed to reducing absolute Scope 1, 2, and 3 (business travel) GHG emissions by 46% by 2030 from a 2019 base year. Corporate travel emissions were reduced by 71% in 2020. Executive pay will be linked to these ambitious commitments from 2022. The company also aims for 50% of suppliers by spend to have science-based targets by 2025 , and 85% by 2030.

Safe & Smart Tech

Capita experienced a major data breach in March 2023, affecting over 6.6 million individuals

, with 6,656,037 individuals' data exfiltrated, including sensitive and special category data . This incident resulted in a combined £14 million penalty from the ICO for multiple UK GDPR infringements . Critical vulnerabilities, specifically the ability for domain administrator accounts to log on without restriction, were identified in penetration tests on at least three occasions prior to the breach (August 2022, January 2023, February 2023) but were not remediated . Furthermore, none of the systems affected by the incident met Capita’s criteria for penetration testing, indicating a significant gap in security testing coverage . The threat actor achieved privilege escalation using a domain administrator account due to limited practical controls for privileged accounts . In 2024, Capita invested £1.0 million in cybersecurity , representing approximately 0.042% of its £2,369.1 million adjusted revenue . The company holds an ISO 27001 certification . Capita has established AI principles (inclusive, trustworthy, transparent, accountable, secure, governed, and adaptive) and launched a generative AI oversight committee to ensure human oversight and ethical review at the Executive level .