Capita fined £14m for data protection failings in 2023 cyber-attack

*Executive summary:* Capita was the victim of a March 2023 cyber-attack that led to the theft of personal data for 6.6 million people, installation of ransomware, reset of user passwords and exfiltration of almost 1 TB of data; the Information Commissioner fined Capita £14m after finding failures in patch management, understaffed SOC and inadequate testing.