View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 5, 2022updated 22 May 2023 12:41pm

Cambridge Water customers informed of data breach three months after cyberattack

The company's clients are the latest to impacted by a cyberattack that took place in August.

By Claudia Glover

Cambridge Water customers are the latest to be revealed as victims of the South Staffordshire Water cyberattack. Names, addresses, and bank account details of victims have been found on the dark web. The company has warned that criminals could use the data to submit fraudulent direct debit requests from victim accounts. 

Cambridge Water announced a data leak months after the attack took place. (Photo by yangjlin/Shutterstock)

As reported by Tech Monitor, the cyberattack took place in August, with Russian ransomware gang Cl0p claiming responsibility. It remains unclear whether a ransom for the data was demanded of the water company.

Cambridge Water supplies water to 350,000 residents of Cambridgeshire.

South Staffordshire Water Company attack details leak out

In the months following the attack, investigations were carried out by the company into the breach. Though details of how it happened have yet to be revealed, last week South Staffs Water, Cambridge Water’s sister company, admitted that it had found its customers’ direct debit data being shared on hacking forums

Today it has been revealed that direct debit details of Cambridge water customers are also being shared on dark web forums. The water company sent out a letter to affected customers.

“We can now confirm that the data of yours that was impacted includes your name and current address, the bank details you provided for your direct debit payments to us and may also include other personal data which we process about you to provide you with clean water and related services,” says the letter, seen by Tech Monitor.

It then goes on to explain the risks that come with the data being exposed. “There is a risk that cybercriminals may try to use this compromised data to carry out fraud, in particular by submitting fraudulent direct debits to your bank or building society using the data compromised in the cyberattack.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

The company is offering a year’s subscription to a fraud monitoring service to help customers track whether their details are being used illegally, and has set up a hotline for affected customers.

Tech Monitor has contacted South Staffordshire Water for comment. It has not disclosed how many customers were impacted by the breach.

Cambridge Water data breach: unhappy customers

Those who have been affected by the attack are urged to sign up for the fraud service and to remain vigilant of any signs of wrongdoing on their bank accounts.

However, this package does not appear sufficient to quell the anger of the customers affected by the data leak. One victim who wished to remain anonymous told Tech Monitor, “It’s very scary to think that this information may have been available on the dark web for three months and the first we heard about it was when the letter arrived today.

“Our bank account details could have been compromised by fraudsters and we’ve been left in the dark about it. Cambridge Water has offered us a year’s subscription to an identity monitoring service, but what happens when that expires? It’s not good enough.

They added: “You trust utility companies to look after your data properly and when something like this happens it’s really terrifying. I hope they will provide suitable compensation and a full explanation of how this happened.”

Read more: Why are UK police forces being overwhelmed by cybercrime?

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.