Frequently asked questions

  • Cyber incident

  • What has happened?

    You may have seen in the news that Capita, who are the administrator of the AXA UK Group Pension Scheme (the "Scheme"), have experienced a cyber incident. Capita have been investigating this incident and we have been working with them to monitor the situation.

    Unfortunately, Capita have reported to us (the Trustees) that our Scheme is among those pension schemes that are affected, because members' personal data was held on Capita's IT systems that were affected by the cyber incident. This means that personal data that Capita processes on behalf of our Scheme has been part of the data that has been taken from them as part of the cyber incident.

    We have been notified that data relating to people who are receiving pensions from the Scheme has been affected. If you're not currently receiving a pension from the Scheme, we have not been notified that your data is impacted but we will keep you informed of any developments.

  • What data is at risk?

    The data that is potentially at risk is: name, member unique identification, National Insurance number, pension in payment, tax code, tax paid and other deductions where applicable. For a smaller proportion of those affected, date of birth, date of retirement, date pension stopped and, in a very small number of cases, address and certain bank details, may also be at risk. We have been contacting everyone who is affected to confirm the position that applies to them personally.

  • Could any more of my data be at risk?

    Capita have now completed their detailed internal investigation and notified the Trustee of the outcome on Friday 2nd June. These investigations are being reviewed by an external party. Capita does not expect to announce any further at-risk data; however, we will update the article on our Trustee website if there is a further update (and we will also inform members directly again if there are any further relevant developments to report that affect them personally).

  • What immediate actions have the Trustees taken?

    We have an incident response plan for situations like this, and we are proactively working with Capita and professional advisers on our next steps. We have been gathering required information and taking the further steps necessary for us to be able to contact affected members directly, as quickly as we could, to provide more information and guidance, including sources of further assistance.

    The Scheme’s Trustee has also notified the Information Commissioner’s Office (ICO) of a data breach and also notified The Pensions Regulator, in line with legal requirements. AXA UK is keeping other regulators updated as needed.

  • What assistance is the Trustee providing?

    Affected members have been given an option to take out a free 12-month membership of an Experian fraud monitoring service. Relevant details as to how to access this service are included in the letter from the Trustee.

  • If I have a query can I speak to someone and will they be able to take my call?

    We have arranged for further resources to be added on the Scheme member helpline (0370 1234 701). Also, Experian have increased their resource on their technical helpline which is supporting the implementation of the Experian service. A significant number of members called in to make enquiries on Monday 5th and Tuesday 6th June, but the number of calls has since reduced. We are sorry if you have needed to queue to get through on the phone.

  • When was the incident at Capita and could the Trustee have told me any sooner?

    We understand from Capita that the incident arose following initial unauthorised access on or around 22 March which was interrupted by Capita on 31 March. Capita made a formal notification to the stock market on 3 April noting that there was some evidence of a limited transfer of data from their servers and that Capita were investigating the data breach to identify those that were impacted. On 17 May, Capita first informed the Trustee that some Scheme data was at risk. We were informed that additional data was at risk on 2 June.

    In the period up to 2 June, Capita were still carrying out their internal investigation to check for any impacts on Scheme data, and we kept in regular contact with them so that we could update members as quickly as possible if there were any relevant developments.

    Following each of the notifications (on 17 May and 2 June), we’ve needed to gather further information and take the steps necessary to contact members as quickly as we could. We needed to work with Capita to obtain additional information in order to be able to identify and write out personally to everyone who is affected in each case. We also obtained the details necessary for accessing the Experian service. It has taken a little time to check the affected members and then print and post the letters, but we did this as quickly as we could.

  • Do you have any more detail about how the cyber incident occurred? Was the data encrypted?

    Capita is still in the process of providing the Trustee with details as to the outcome of their internal forensic review. The Trustees will be seeking to confirm exactly how this incident occurred, to understand the lessons learned from this incident, and identify security improvements which can be made to better protect personal data.

    It is important to note that we have had assurances from Capita that the cyber issue does not relate to Capita’s Hartlink or Hartlink online portal (the core administration system and attaching on-line tool). We have been informed this administration platform is encrypted.

  • Are AXA and the Trustees carrying out their own checks?

    The Trustee has been fully supported by AXA UK’s Business Continuity and Data Protection/Privacy Teams to ensure we are closely monitoring the position and also conducting checks to help determine if any AXA data has entered the dark web.

  • Are Capita's systems now secure?

    Capita have publicly stated that they have restored impacted services. Capita have confirmed to the Trustee that they have received independent assurance from third party IT experts that Capita’s systems are secure and robust again.

  • Is the cyber incident over?

    Capita have confirmed to the Trustee that they have received independent assurance from third party IT experts that Capita’s systems are secure and robust again.

    We will provide further updates as needed if there are any additional relevant developments to report in relation to the Scheme.

  • Should the Capita Contract be reviewed?

    As with all of the Trustee's service providers, Capita's performance is monitored and reviewed. The Trustee will take on board feedback received in relation to the Capita contract.

  • What due diligence did the Trustee and AXA UK take on an ongoing basis?

    In 2022, an external consultancy firm, commissioned by the Trustee, performed a review of Capita’s systems, specifically in relation to cyber security. In addition, the AXA IT security team undertake periodic reviews of Capita’s systems.

  • Capita mentioned (in an online article) that the hack may cost them £20m. What does this mean?

    Capita has stated that it expects to incur exceptional costs of approximately £15m to £20m associated with the cyber incident, comprising specialist professional fees, recovery and remediation costs and investment to reinforce Capita’s cyber security environment. The Trustee does not have any further information as to how this figure was calculated by Capita.

  • Why is Capita offering the Experian service for only 12 months?

    The current intention is that the membership would expire after 12 months. Capita has been advised by its third-party experts that 12 months of monitoring is in line with market standards. We can reassure you that the Trustee will keep this position under review.

  • The Trustee is suggesting that members use Experian. How do we know we can rely on their security?

    Experian is an established business, offering a service which you may find useful, as outlined in our letter. Whilst we strongly encourage you to consider taking advantage of the free 12-month service, you do not have to do so. Experian’s approach to data privacy is set out on their website www.experian.co.uk/privacy/privacy-and-your-data.

  • What can Experian provide if I do not want to use the internet?

    It is possible to request a ‘Statutory Credit Report’ from Experian.

    • This is a one-off report of your credit file.
    • You can apply for it via post.
    • This is offered free of charge.
    • It is a one-off report on a particular date, so it does not provide ongoing monitoring against fraud.

    To obtain a one-off copy of the report, Experian will require the following details:

    • Member’s full name
    • Date of birth
    • Address history for the last 6 years

    You can apply for your Statutory Credit Report by post by filling in the application form (Statutory Credit Report application form (2).pdf) and sending it to the address below:

    Customer Support Centre, Experian Ltd, PO Box 8000, Nottingham, NG80 7WF

    It usually takes up to 7 working days for your report to arrive. It may take longer if they require some more information to verify your identity.

  • How can I use Experian if I do not have the internet or an email address?

    The Experian monitoring service does require internet access and an email address, but we appreciate that not everyone will have these. Accordingly, Experian will allow you to let someone else set up and use the Experian service on your behalf. For example, you could ask a trusted family member, friend or third party to do this; and many public libraries offer free internet access. If you ask someone else to use the Experian service for you, and they want to contact Experian on your behalf, Experian will ask them to provide evidence that:

    1. you have provided your consent for them to contact Experian on your behalf (e.g. by asking to speak to you); or
    2. they have Power of Attorney, Deputyship or similar legal authority where you are unable to provide your consent for them to contact Experian on your behalf.

    If you have further questions on this, or any particular accessibility requirements relating to Experian, there is a specialist number to call. The people there can provide more detail about the service and how it works. That phone number is 020 8090 3696. They are open Monday to Friday, 8am to 6pm.

  • Can Experian offer CIFAS as an additional check?

    For UK-based pensioners: if you are at higher risk of fraud, Experian can add protective CIFAS (Credit Industry Fraud Avoidance System) registration to your Credit Report, which can help prevent credit being taken in your name.

    CIFAS can be applied free of charge through your Identity Plus membership. Please note CIFAS may not be available overseas.

    Experian have advised that this service isn’t applied by default because it does add additional security checks when applying for credit, meaning some people prefer not to use it. If you have or will shortly have legitimate credit applications going through, being on the CIFAS register may impact the lending approval criteria, so it’s important you think about whether you are making any credit applications before you set up CIFAS.

    To activate your CIFAS registration, please contact the Experian Product support team on 020 8090 3696. They are open from Monday to Friday between 8am and 6pm.

    If you want further information about CIFAS, you can find it at www.cifas.org.uk/pr. If you do wish to take this complimentary service, please contact Experian and not CIFAS directly.

  • Will Capita/Trustee indemnify me for any loss incurred as a result of this incident?

    We recommend that members sign up to Experian’s monitoring service, as this will help to reduce the risk of any loss. However, if you believe that you have suffered a loss as a consequence of this incident, you can use the existing procedures to raise a complaint, detailing any loss incurred. We would give appropriate consideration to any such complaint and would expect Capita to do the same.

  • Can the Trustees give me any guidance on keeping my data safe?

    We would remind our members to be extra vigilant for unusual activity on their accounts, including suspected phishing emails, and other potential scams and/or fraudulent activity.

    Have a look at the Government National Cyber Security Centre’s guidance on data breaches. We would encourage members to only ever give out personal information if they are absolutely sure they know who they are communicating with.

    • If you receive a suspicious email, you should forward it to report@phishing.gov.uk
    • For text messages and telephone calls, forward the information to 7726 (free of charge).
    • For items via post, contact the business concerned.
    • If there are any changes to your National Insurance information, HM Revenue & Customs would contact you – but you can also phone them on 0300 200 3500.

  • What should I do if I think I may have been scammed?

    If you think that you may have been the victim of a scam, or that someone has attempted to carry out a scam, there are a number of things you can do:

    • Get in touch
      If the scam relates to your Scheme benefits, please contact Capita on 0370 1234 701 or at AXA-pensions@capita.com

    • Report it
      You can make a report to Action Fraud (the National Fraud & Cyber Crime Reporting Centre) on 0300 123 2040 or at actionfraud.police.uk

  • What, if anything, should we tell our bank, building society etc?

    You may wish to consider whether you tell the bank that your personal data is potentially at risk as a result of the Capita data breach and that they should be on alert as to any unusual activity on your account. The Trustee will provide further guidance in letters issued personally to affected members.

  • Have the Trustees informed the Information Commissioner’s Office (ICO)?

    Yes, we have reported this to the ICO and will work with them to address any queries they may have.

  • Have the Trustees informed The Pensions Regulator?

    Yes. We have been keeping The Pensions Regulator up to date about our response to this incident.

  • Have the Trustees informed the Financial Conduct Authority & PRA?

    Yes. Whilst this incident relates to Scheme data and not AXA customer data, AXA UK has been keeping its regulators updated.
