South Staffordshire Water Fined £1m After Data Breach

By Team-CWD | May 12, 2026


A UK water company has been fined nearly £1m ($1.4m) by the data protection regulator after a two-year-long incident resulted in the compromise of personal information on over 633,000 people.

South Staffordshire Water and parent company South Staffordshire PLC agreed to pay the Information Commissioner’s Office (ICO) a fine 40% lower than the original £1.6m ($2.2m) sum in return for not contesting the fine.

The incident itself began with a successful phishing email on September 11, 2020, which resulted in the installation of the Get2 downloader and the SDBbot remote access Trojan (RAT).

However, the network intrusion went undetected for nearly two years. On May 17, 2022 the threat actor began moving laterally through the water company’s network, using a domain administrator account and the remote desktop protocol to access 20 different endpoints between that date and August 4.

The breach was only discovered when IT performance issues – caused by “unscheduled database exports” – prompted an investigation on July 15, 2022. Nine days later the company reported a personal data breach to the regulator.

On July 26, the water company discovered a ransom note that the threat actor had unsuccessfully tried to send to some members of staff.

Read more on water company breaches: NCSC Urges UK Water Companies to Secure Control Systems.

The threat actor claimed to have stolen 4.1TB of data from South Staffordshire Water, amounting to 633,887 current and former customers and employees. That’s around a third (34%) of all the personal information held by the company, according to the ICO.

The stolen PII, which was dumped on the dark web, was highly sensitive, including:

  • Personal details such as full name, physical and email address, date of birth, gender and telephone number
  • Employee HR information including National Insurance numbers 
  • Customer account information, and bank account number and sort code
  • Information relating to customers on the Priority Services Register, from which disabilities could be inferred

Multiple Security Failings

The company’s security posture was found wanting on several fronts:

  • Limited controls (including a lack of least privilege policy enforcement) that enabled the attacker to escalate to administrator privileges
  • Inadequate monitoring and logging, with just 5% of the IT environment being monitored
  • Use of legacy unsupported software on some devices, including Windows Server 2003
  • Inadequate vulnerability management, including unpatched critical systems and no regular internal or external security scans

Ian Hulme, ICO interim executive director for regulatory supervision, argued that water customers don’t have a choice as to which company they use, meaning providers must take data protection responsibilities seriously.

“The steps that South Staffordshire failed to take are established, widely understood and effective controls to protect computer networks. The ICO expects all organizations – and particularly those handling large volumes of personal information as part of critical national infrastructure – to have these in place,” he added.

“Waiting for performance issues or a ransom note to discover a breach is not acceptable. Proactive security is a legal requirement, not an optional extra.” 

Lessons Learned 

The ICO published a lengthy write-up of the case, which could be useful for security professionals working in this and other critical infrastructure sectors.

The regulator urged organizations to review their own resilience posture in light of the incident, and ask themselves the following:

  • Are least privilege access controls in place? 
  • Are logging and monitoring controls providing sufficient coverage of the IT environment, and are alerts being acted upon? 
  • Are all systems patched and supported?
  • Is vulnerability management part of regular operational practice, including both internal and external scanning? 


