CAPITA PLC – €9,180,000 Fine (United Kingdom, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Capita plc was hit with another fine after a cyber attack exposed sensitive data due to inadequate security. This situation is a wake-up call for all businesses to strengthen their data protection strategies. Protecting customer information is not just a legal requirement; it's essential for maintaining trust.
What happened
Capita plc was fined for failing to implement proper security measures that led to a data breach.
Who was affected
Individuals affected by the cyber attack, including those with sensitive personal data.
What the authority found
The Information Commissioner's Office found Capita violated UK GDPR by not ensuring the security of personal data.
Why this matters
This ruling reinforces the need for companies to take data security seriously. It highlights that neglecting security can result in hefty fines and loss of customer trust.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The UK DPA has imposed a fine of £ 8,000,000 (EUR 9,180,000) on CAPITA PLC. CAPITA PLC acts as the data controller for the CAPITA Group, which has suffered a cyber attack. The controller failed to implement adeqaute technical and organisational measures to ensure data security and also failed to adequatly react to the incident.
Related Enforcement Actions (0)
No other enforcement actions found for CAPITA PLC in UK
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
15 October 2025
Authority
Information Commissioner's Office
Fine Amount
€9,180,000
Enforcement Tracker ID
ETid-2898
About this data
Cite as: Cookie Fines. CAPITA PLC - United Kingdom (2025). Retrieved from cookiefines.eu
Last updated: