Set your privacy preferences

We use necessary cookies to make our website work. Cookies are small files stored on your device. We also use optional cookies to improve our services and tell us if you have seen our advertising. The data we collect is anonymised. Are you happy to accept these cookies?

View cookies

This website uses cookies. Your browser currently has cookies disabled.

Skip to main content

We’re currently upgrading our website. The search facility will be unavailable during this time.

Capita data breach

FOI reference - FOI - 429

Date - 16 November 2025

Request

Under the Freedom of Information Act 2000, I request the following information held by The Pensions Regulator regarding the 2023 data breach involving Capita plc, their associated companies (including Capita Pension Solutions Ltd) and various pension providers.

  1. All internal communications (emails, memos, meeting minutes) between TPR and Travis Perkins Pension and Dependents Benefit Scheme concerning the breach / incident, from 1 March 2023 to present (16 November 2025).
  2. Records of any regulatory or enforcement action considered or taken by TPR specifically in relation to the Travis Perkins Pension and Dependents Benefits Scheme regarding the breach including any advice given.
  3. Any correspondence between TPR and the trustees of the Travis Perkins Pension Fund regarding the breach.

Response

Duty to confirm or deny whether we hold the information requested

We neither confirm nor deny that we hold information falling within the description specified in your request.  

Section 44(1)(a) and (2) – restricted information under s82 PA04

Section 44(2) provides that the duty to confirm nor deny we hold information does not arise if the confirmation or denial that would have to be given would fall within any of paragraphs (a) to (c) of subsection 44 (1). The reason that we cannot confirm or deny that we hold the information is because disclosure of the sort of information requested is prohibited under an enactment, save in certain circumstances which do not apply here.

As we have been given strong powers to demand documents and other information from trustees, employers and others, those powers are also balanced by restrictions on how we disclose the information provided to us. The type of information you have requested would be ‘restricted information’. Restricted information is defined at section 82(4) of the Pensions Act 2004 (PA04) as:

‘…information obtained by the Regulator in the exercise of its functions which relates to the business or other affairs of any person’. 

Under section 82(5) of the PA04 it is a criminal offence to disclose such information except as permitted under that Act.

Whilst the FoIA is based on the presumption of releasing information, section 44(1)(a) of the FoIA provides an absolute exemption to the requirement to disclose any information if its disclosure is prohibited by or under any enactment. In this case, section 82 of the PA04 prohibits disclosure and we are unable to disclose this sort of information. This exemption is absolute and does not require a public interest assessment to be undertaken.

This response should not be taken as any indication of whether or not we hold the information you requested.

Further to our duty to provide advice and assistance, please see the Capita cyber security incident – Regulatory intervention report for further information related to your request which we hope you find helpful.

Thank you for your interest in our organisation. If you have any further questions or require clarification, please do not hesitate to reach out to us.

Back to top
Is this page useful?

Thanks for your feedback.