Staff news

USS and Capita data breach update

USS and Capita data breach update and cyber security advice

If you are a member of the Universities Superannuation Scheme (USS), you will have received updates from USS about a recent cyber security incident involving one of their technology partners, Capita.  

We recognise this incident may be worrying for you so we are sharing the guidance provided by USS about that incident, together with general advice to help you better protect yourself should anyone try to misuse your data.  

USS guidance and FAQs can be accessed via their website below or by following the link in their emails to you. If you are a member of the scheme but can’t see an email, check your ‘junk’ folder in case they went there. 

Important update on Capita's cyber incident ( 


Advice on cyber security and spotting scams  

We strongly encourage staff to always be aware of good practice for their personal online security to prevent falling victim to scams. Below are some tips for how to do this:

  • If you receive a suspicious email at work, do not reply or click on any links. Simply forward it to the IS Helpline as an attachment, and they will investigate. If you receive a suspicious email to your personal email, you can forward it to  

  • For text messages and telephone calls, you can forward the information to 7726, free of charge. For items via post, contact the business concerned.  

  • If there are any changes to your National Insurance information, HM Revenue & Customs will contact you to direct you to your online account where you can see what changes have been made. Please note, their emails will never contain links or attachments. Alternatively, you can phone HM Revenue & Customs on 0300 200 3500 if you notice anything suspicious.   

  • If you are concerned someone might be impersonating USS, please let them know by emailing


Frequently asked questions about cyber security 

How might scammers try and catch me out? 

Professional criminal gangs are well organised and can easily mimic a banking phone system and even make it look like the phone number they are using is your bank. Scammers want to build a rapport with you and get you to trust them. They will try and get you to do what they want quickly and will say if you don’t then you all will have some or all of your money taken from your account. This time-induced pressure is there to panic you into action and is entirely untrue.  If they try to pressure you to stay on the line and not call back, hang up. You are not being rude – you are being careful. Genuine bank or pension company staff won’t try to pressure you – only scammers do this. 

Where can I get more awareness training about this, and other cyber issues?  

The University Information Security Team run awareness sessions about online safety and how to protect yourself throughout the year. If you want more details, for you or your department, email the team on and we will get back to you with dates and times. We can also run bespoke sessions if required. 

More information is also available on the ISG website and other useful links below. 


Related links

USS and Capita data breach update | The University of Edinburgh