惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Troy Hunt's Blog
P
Proofpoint News Feed
V
Vulnerabilities – Threatpost
C
Cybersecurity and Infrastructure Security Agency CISA
K
Kaspersky official blog
Cyberwarzone
Cyberwarzone
T
Tor Project blog
Cisco Talos Blog
Cisco Talos Blog
S
Securelist
L
Lohrmann on Cybersecurity
Security Latest
Security Latest
T
Threatpost
H
Heimdal Security Blog
W
WeLiveSecurity
A
Arctic Wolf
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
G
GRAHAM CLULEY
IT之家
IT之家
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
TaoSecurity Blog
TaoSecurity Blog
A
About on SuperTechFans
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
N
News and Events Feed by Topic
Hacker News - Newest:
Hacker News - Newest: "LLM"
Last Week in AI
Last Week in AI
T
The Blog of Author Tim Ferriss
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Microsoft Azure Blog
Microsoft Azure Blog
Hugging Face - Blog
Hugging Face - Blog
Google DeepMind News
Google DeepMind News
量子位
Stack Overflow Blog
Stack Overflow Blog
Know Your Adversary
Know Your Adversary
B
Blog RSS Feed
阮一峰的网络日志
阮一峰的网络日志
WordPress大学
WordPress大学
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
AI
AI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 司徒正美
Apple Machine Learning Research
Apple Machine Learning Research
GbyAI
GbyAI
Vercel News
Vercel News
C
Cyber Attacks, Cyber Crime and Cyber Security
Latest news
Latest news
D
Darknet – Hacking Tools, Hacker News & Cyber Security
大猫的无限游戏
大猫的无限游戏
Forbes - Security
Forbes - Security

Consumer Insights

Qantas data breach started with a fake IT support call Lidl warns customers after data breach How to find out if your identity has been exposed by infostealers Texas breach exposes PII of 3 million hunting and fishing license customers Maine forced to take down data breach portal after fake notices filed with authorities Carnival breach exposes data of nearly 6 million people 7-Eleven data breach exposes data of 185,000 people DAEMON Tools Lite breach prompts urgent update after malware-laced installer Instructure confirms breach; millions of Canvas users potentially impacted Stalkerware data leak exposes private screenshots linked to celebrities and influencers Hackers claim to have breached Udemy, stealing 1.4 million user records Rituals data breach exposes customer details Booking.com says breach exposed travelers’ data Basic-Fit data breach exposes member information across Europe Rockstar Games confirms breach after ShinyHunters leaks stolen analytics data Lapsus$ claims AstraZeneca breach exposes code and credentials Aura data breach exposes 900,000 records after phishing attack Telus Digital data breach confirmed after ShinyHunters claims 1PB theft Was Your Data Exposed in the Latest Under Armour Breach? Here’s What You Should Do Breach at Tinder, Hinge and OkCupid exposes user data Europe Fines Big Tech €1.2 Billion under GDPR in 2025 European Space Agency's cybersecurity in freefall as yet another breach exposes spacecraft and mission data European Space Agency Confirms New Data Breach; Classified Info May Have Been Stolen Rainbow Six Siege Servers Offline After Massive Breach Floods Accounts with Billions of R6 Credits 21,000 Nissan Customers Exposed After Third-Party Server Breach Spotify Catalog Scraped, 300TB Music and Metadata Dumped via Torrent University of Sydney Confirms Data Breach Affecting Thousands Leroy Merlin Breach Alert: French Customers Notified After Cyberattack Exposes Personal Data CodeRED Emergency Alerts Disrupted Across US After Ransomware Breach
UK Water Supplier Fined Nearly £1 Million After Hackers Roamed Networks for Almost 2 Years
Filip TRUȚĂ · 2026-05-12 · via Consumer Insights

A UK water supplier has been fined £945,000 after regulators found cybercriminals had access to its systems, exposing sensitive customer data, for nearly two years before they were discovered.

The UK Information Commissioner’s Office (ICO) announced this week that it had levied the penalty against South Staffordshire Plc and South Staffordshire Water Plc following a 2022 ransomware attack that compromised the personal data of hundreds of thousands of customers.

Key takeaways

  • UK regulators fined South Staffordshire Plc and South Staffordshire Water Plc nearly £1 million after a major cyberattack.
  • The ICO said attackers were able to linger inside company systems for almost two years before detection.
  • Exposed data reportedly included names, addresses, contact details, and in some cases bank account information.

Attackers reportedly lingered undetected for years

Investigators found the attackers had access to parts of the company’s network long before August 2022 when the breach was publicly disclosed. The ICO said the intrusion went unnoticed for nearly two years, raising serious concerns about the organization’s security monitoring and detection capabilities.

As reported by The Record, the ransomware gang Cl0p claimed responsibility for the attack and published samples of allegedly stolen data online. At the time, South Staffordshire Water said operational water supply systems were unaffected and drinking water remained safe.

However, subsequent investigations revealed that customer data had been accessed and later leaked online.

Who was affected 

Investigators found that, at the time of the attack, South Staffordshire held personal information relating to 750,000 current and 1.1 million former customers—totalling 1.85 million—as well as 2,791 current employees and at least 2,298 former employees. 

Personal information of 633,887 people stolen in the breach was published on the dark web in August 2022, the ICO said. The compromised data included:

  • Personal details such as full name, physical address, email address, date of birth, gender and telephone number. 
  • For employees, HR information including National Insurance numbers. 
  • For customers, account information (including username and password for South Staffordshire Water online services) and bank account number and sort code. 
  • For a small percentage of customers on the Priority Services Register, information from which disabilities could be inferred.

Security failures left customer data exposed

The ICO said the company failed to carry out appropriate security measures to protect personal information, violating UK data protection law. The regulator concluded that inadequate monitoring and cybersecurity controls allowed attackers to stay in internal systems for an extended period.

While the ICO has not publicly detailed every technical weakness involved, long-term unauthorized access typically points to gaps in visibility, endpoint monitoring, network segmentation, identity controls, or incident response readiness.

The incident is part of a broader pattern of cyberattacks targeting water suppliers and other operators of critical infrastructure. Britain’s drinking water suppliers have suffered several cyberattacks since early 2024, according to regulatory disclosures.

Water infrastructure is an attractive target because disruptions could create public panic, operational outages, or even safety risks.

Anyone affected by a data breach should consider a monitoring service. Bitdefender Digital Identity Protection alerts you if your data has been compromised or leaked online, identifies the risks you face, and provides guidance on how to protect yourself.

You may also want to read:

UK Fines 23andMe $3 Million Over 2023 Mega Breach

Aura data breach exposes 900,000 records after phishing attack

Booking.com says breach exposed travelers’ data