Hundreds of pension funds have been asked to check whether data was stolen by cybercriminals during a major hack of the UK's largest outsourcer.
The Pensions Regulator has asked trustees responsible for funds that use Capita as an administrator to assess whether clients' data is at risk.
After the hack in March, information apparently containing Capita data began to circulate on the dark web.
They included home addresses and passport images.
The pensions watchdog said on Sunday that it had written to the hundreds of pension funds that employ Capita to administer their payment systems.
The letter, first reported by the Sunday Times, urged funds to "determine whether there is a risk to their scheme's data" and tried to establish whether they are in touch with the company.
A spokesman for the Pensions Regulator added: "We take IT security and the risk of cyber attacks extremely seriously." Capita's systems administer pensions of more than four million savers on behalf of 450 organisations, including Royal Mail and Axa.
It said that only a small number of its computer servers were compromised during the cyber-attack.
In a statement, it added that it has also been in regular contact with authorities since the hack and that it will update them on the investigation as it progresses.
Capita is also one of the government's biggest suppliers - it provides IT services among its businesses, which include running the London congestion charging zone, collecting the BBC licence fee and overseeing training for the Royal Navy.
It is also a leading pension adviser in the UK, providing consulting services to 150 pension schemes.
