I am in the same situation as an ex Capita employee, Hartlink should have written to him explaining the situation. I used the Experian subscription that was offered and will monitor. I don't think he can do much unless his has had his data used. Capita on the other hand will be getting a fine, and that is speaking as an IT bod who had and is still dealing with the aftermath of the attack.