Financial details belonging to customers of the South Staffs Water company have been leaked online following a cyberattack on its parent company earlier this year, it has been revealed.
An investigation into the incident, which took place in August, has been carried out by South Staffordshire PLC, which runs the South Staffs and Cambridge water companies. Russian ransomware gang Cl0p claimed responsibility for the hack, but it is not known whether a ransom was demanded or paid.
South Staffs Water provides drinking water for approximately 1.3 million people.
South Staffs Water reveals consequences of cyberattack
Card numbers and sort codes of customers using the direct debit payment method to pay their water bills have been found on the dark web.
“Since the incident, we’ve been working with leading forensic experts to investigate fully what happened,” a statement from South Staffs Water said. “Our investigation has now found that the incident resulted in unauthorised access to some of the personal data we hold for a subset of our customers.”
The water company has tried to mitigate the risks faced by affected customers by putting together support packages including a free 12-month subscription to an online fraud monitoring service and a helpline for customers who would like guidance on what to do.
Andy Willicott, managing director of South Staffs Water, said: “We understand that customers trust us to keep their data safe and I’d personally like to say sorry to all those customers impacted – we’ll be doing what we can to support you through this.
“We will continue to invest in protecting our customers, our systems, and our data. Consumers can have complete confidence that the water we supply is safe,” he said.
The statement added that the company is “working closely with the police and with the relevant government and regulatory authorities and are keeping them updated”. It did not reveal any details of how the attack happened.
Tech Monitor has asked the water company how many customers have been affected by the incident but has yet to receive a response.
How the South Staffs Water cyberattack happened
When the incident occurred South Staffs Water said it experienced “disruption to our corporate network and our teams are working to resolve this as quickly as possible,” and said it did not affect customer service teams.
It was keen to point out water supply was not in danger, but that it put additional protection measures in place on a precautionary basis.
However, Cl0p operatives had a different story. “We have access to more than 5TB of data,” the group tweeted. “Every system including SCADA, which controls chemicals in water. If you are shocked, good.”
The gang had mistaken the company they were attacking, claiming it was Thames Water, which damaged the credibility of the threat somewhat. So far the data leak is the only known consequence of the hack.