• Staff home
• IT and online services
• Learning and teaching
• Administrative hub
• Research
• Supporting students
• Working at York
• Finance
• Legal Services
• Leisure and culture
• Support, health and wellbeing
• Policies and strategies
• External relations

USS/ Capita data breach: information for staff

Posted on 16 May 2023

If you are or have been a member of the USS Pension Scheme then you may have received an email over the weekend regarding a data breach at their supplier, Capita.

The data breach has been in the media for some time, however USS were informed on 11 May that a datafile containing 470,000 active, deferred and retired members from across the HE sector, had been compromised.

The information in the compromised file included:

• title, initial(s), and name
• date of birth
• national Insurance number (NI)
• USS member number

Whilst there were no contact details in the compromised file; address, phone numbers or email address, we’ve compiled some guidance to help you spot any potential misuse of your information.

It’s important to remember that leaked information is often reused in order to increase the credibility of a phishing email or scam call.

1. If you receive any communication that uses your NI or USS numbers then remember to verify the sender carefully, either by checking their email address or calling them back on an official contact number. Anything marked as requiring urgent or immediate action should be considered especially carefully. HMRC scams or phishing emails are common so it is always good to be vigilant. If you have any doubts then visit the website/service directly, but don't click links in the emails to get there.
2. If you receive anything that looks too good to be true; HMRC saying you are due a tax rebate, USS offering bonus contributions etc, then check the validity by calling that organisation. Do not use any contact details; phone numbers, email addresses, websites, or chats enclosed within the communication as they may be fraudulent as well.

USS have published information and a Q&A on their website.

If you have concerns about anything relating to NI or HMRC information you can always contact HMRC directly on 0300 200 3500 or online.

We’ve created a short awareness course to help you protect your identity online which we will be rolling out to metacompliance users shortly.

If you have further concerns please contact dataprotection@york.ac.uk