I've just been given a similar free subscription to the same service for a year.
In my case, because one of Tesco bank's print suppliers had been hacked.
No personal banking details were obtained, so probably just name and address etc, but could potentially be used for fraudsters to apply for credit in my name.

On similar lines, have a look at This Site to check your email for known data breaches.
https://haveibeenpwned.com/

Google's own password check is handy too.

Bill

When there are major breaches like this, do the outfits that you believe are keeping your private information secure get beaten up by the law? It seems to me that they just shrug their shoulders, and are allowed to carry on. There's a small rebellion against being pushed to do everything online, (probably mainly old geezers without smart 'phones, and being difficult by refusing to use online 'services&#39, but it's so small at present, and not arganised, that we must accept that our privacy and security are no longer respected, or considered important. And we're considered difficult…

Hi Robin, a pension I have is also with capita, and I too got the email. I also joined for free, Experian.

Fortunately I dont get bombarded with emails from Experian, so although my data may have been compromised so far it appears not to have been used by the criminal filth.

As for taking responsibility, I agree with Kiwi Bloke, capita will just carry on as there is no punishment. I think if anyone has lost money then they should be reimbursed. Maybe all those affected should get some compensation other than a free years subscription to Experian.

So now Experian have permission to access all your details. Did any part of the registration involve passing over credit card or bank details, though maybe they have that as part of the info handed to them by Capita. Prepare for sudden unexpected charges at the end of the free period.

Many thanks – I completely missed that – now sorted.

Andy

because it prevents bulk mailings of the form Dear Sir or similar – one obvious technique that used to be useful was to invent a second initial as a middle name using a different letter for each major login so that was easy to track where unwanted email had come from

A classic illustration of why security is difficult. Using the 'full-name' provides a temporary improvement by releasing information that can be noted and exploited later.

Security a constant battle between the bad guys looking for new ways of breaking in whilst the good guys look for new ways of stopping them. This often leads to long sequences of measure, counter-measure, and counter-counter measure, of which this is an example. Like as not PayPal are already thinking about improvements.

Meanwhile, everyone should be aware that being addressed by their full-name doesn't guarantee anything.

Paranoia never helps. My advice is don't be naive on the internet. Minimise the amount of personal information released. Doesn't provide impregnable security but it takes much longer for the bad guys to collect enough information to mount an effective attack. The folk who blab everything on Facebook, Twitter, et al, are much easier, and quite often belong to a family that does the same. They're a softer target.

Capita are in a different league. Very serious when a financial organisation is hacked, because deeply private information can end up in the wrong hands. If it does the victims are pretty much on their own. Capita, who have a reputation, will no doubt be fined the maximum by the Information Commissioner (about £20M), but the money is small beer. (The maximum fine allowed is set by government, I think it should be much bigger.)

Despite their failure, the firm continues to be awarded major contracts by firms and public bodies keen to reduce the cost of pension admin and other services. In my view it is irresponsible to give Capita new work whilst an incident like this in ongoing, but hey, it saves money!

I'm in favour of leaders being held accountable, which rarely happens in the UK. The best way to hold Capita's feet to the fire is probably to join the Class Action. Apart from making Capita more accountable, I think this is the only way an individual victim can get recompense.

Dave