Capita, the UK-based provider of business process outsourcing solutions and professional support services, announced an update on a cyber incident it had experienced in late March which had primarily impacted access to internal applications.

The incident caused disruption to some services provided to individual clients, though it added that the majority of its client services remained in operation. Capita stated that the incident primarily impacted access to internal Microsoft Office 365 applications.

Since the incident, Capita and its technical partners have restored Capita colleagues’ access to Microsoft Office 365.

“The majority of Capita’s client services were not impacted by the incident and remained in operation, and Capita has now restored virtually all client services that were impacted,” the company stated.

Along with restoring services, Capita has continued to work closely and at speed with specialist advisers and forensic experts in investigating the incident to provide assurance around any potential customer, supplier or colleague data exfiltration.

“From our investigations to date, it appears that the incident arose following initial unauthorised access on or around 22 March and was interrupted by Capita on 31 March,” Capita stated. “As a result of the interruption, the incident was significantly restricted, potentially affecting around 4% of Capita’s server estate. There is currently some evidence of limited data exfiltration from the small proportion of affected server estate which might include customer, supplier or colleague data.”

“Capita continues to work through its forensic investigations and will inform any customers, suppliers or colleagues that are impacted in a timely manner,” the company added. “Capita continues to comply with all relevant regulatory obligations.”