What steps has the company already taken and what is it going to do next?
Southern Water, one of the largest suppliers of water supply and sanitation in the UK, admitted in an official statement that the data of 5 to 10 percent of its customers was stolen as a result of the January cyber attack .
The information was received against the background of already existing concerns about the data security of the company's employees, who were also affected by the incident. The company intends to contact affected customers directly in the coming days.
Although Southern Water has not confirmed that the incident was caused by ransomware, the cybercrime group Black Basta, which previously claimed responsibility for the attack, has already published some of the stolen data online. Among the published information were personal documents and files of personnel services.
In emails sent to customers, the company notified them of possible theft of names, dates of birth, national insurance numbers, bank account numbers, and other information. Victims are offered a free annual subscription to the Experian IdentityWorks service for monitoring their credit history.
Southern Water's official website states that the company serves 2.5 million water supply customers and more than 4.7 million wastewater customers, which means that hundreds of thousands of customers may soon receive emails notifying them of data theft.
In a recent statement, the company said that despite the incident, operations and services for Southern Water customers were not disrupted. The company is actively cooperating with the government, regulators, the National Cybersecurity Center, and has notified the police and the Data Protection Authority.
In response to the incident, the IT security team also took additional measures to protect the company's internal systems.
Notably, Black Basta ransomware has already removed information about Southern Water from its leak site. This usually happens after the buyout is paid, but the company declined to comment on this point. It is quite possible that a small part of the published data was enough for the management of Southern Water to decide to pay a ransom for not publishing all the rest of the information.
The incident highlights the growing threat to critical infrastructure, including the water supply and sanitation sector, which has been increasingly targeted by cyber attacks in recent years.
Southern Water, one of the largest suppliers of water supply and sanitation in the UK, admitted in an official statement that the data of 5 to 10 percent of its customers was stolen as a result of the January cyber attack .
The information was received against the background of already existing concerns about the data security of the company's employees, who were also affected by the incident. The company intends to contact affected customers directly in the coming days.
Although Southern Water has not confirmed that the incident was caused by ransomware, the cybercrime group Black Basta, which previously claimed responsibility for the attack, has already published some of the stolen data online. Among the published information were personal documents and files of personnel services.
In emails sent to customers, the company notified them of possible theft of names, dates of birth, national insurance numbers, bank account numbers, and other information. Victims are offered a free annual subscription to the Experian IdentityWorks service for monitoring their credit history.
Southern Water's official website states that the company serves 2.5 million water supply customers and more than 4.7 million wastewater customers, which means that hundreds of thousands of customers may soon receive emails notifying them of data theft.
In a recent statement, the company said that despite the incident, operations and services for Southern Water customers were not disrupted. The company is actively cooperating with the government, regulators, the National Cybersecurity Center, and has notified the police and the Data Protection Authority.
In response to the incident, the IT security team also took additional measures to protect the company's internal systems.
Notably, Black Basta ransomware has already removed information about Southern Water from its leak site. This usually happens after the buyout is paid, but the company declined to comment on this point. It is quite possible that a small part of the published data was enough for the management of Southern Water to decide to pay a ransom for not publishing all the rest of the information.
The incident highlights the growing threat to critical infrastructure, including the water supply and sanitation sector, which has been increasingly targeted by cyber attacks in recent years.
