November 30, 2022

Financial details of South Staffs Water customers leaked following Cl0p cyberattack

An investigation into the breach has revealed customer information is available on the dark web.

By Claudia Glover

Financial details belonging to customers of the South Staffs Water company have been leaked online following a cyberattack on its parent company earlier this year, it has been revealed.

South Staffs Water has found customers’ financial information on the dark web during a forensic investigation. (Photo by ToptoDown/Shutterstock)

An investigation into the incident, which took place in August, has been carried out by South Staffordshire PLC, which runs the South Staffs and Cambridge water companies. Russian ransomware gang Cl0p claimed responsibility for the hack, but it is not known whether a ransom was demanded or paid.

South Staffs Water provides drinking water for approximately 1.3 million people.

South Staffs Water reveals consequences of cyberattack

Card numbers and sort codes of customers using the direct debit payment method to pay their water bills have been found on the dark web.

“Since the incident, we’ve been working with leading forensic experts to investigate fully what happened,” a statement from South Staffs Water said. “Our investigation has now found that the incident resulted in unauthorised access to some of the personal data we hold for a subset of our customers.”

The water company has tried to mitigate the risks faced by affected customers by putting together support packages including a free 12-month subscription to an online fraud monitoring service and a helpline for customers who would like guidance on what to do. 

Andy Willicott, managing director of South Staffs Water, said: “We understand that customers trust us to keep their data safe and I’d personally like to say sorry to all those customers impacted – we’ll be doing what we can to support you through this.

“We will continue to invest in protecting our customers, our systems, and our data. Consumers can have complete confidence that the water we supply is safe,” he said.

The statement added that the company is “working closely with the police and with the relevant government and regulatory authorities and are keeping them updated”. It did not reveal any details of how the attack happened. 

Tech Monitor has asked the water company how many customers have been affected by the incident but has yet to receive a response.

How the South Staffs Water cyberattack happened

When the incident occurred, South Staffs Water said it experienced “disruption to our corporate network and our teams are working to resolve this as quickly as possible,” and said it did not affect customer service teams.

It was keen to point out that the water supply was not in danger, but said it had put additional protection measures in place on a precautionary basis.

However, Cl0p operatives had a different story. “We have access to more than 5TB of data,” the group tweeted. “Every system including SCADA, which controls chemicals in water. If you are shocked, good.”

The gang had mistaken the company they were attacking, claiming it was Thames Water, which damaged the credibility of the threat somewhat. So far the data leak is the only known consequence of the hack.
