Southern Water Notifies Customers and Employees of Data Breach

Southern Water has confirmed that personal data of both customers and employees has been accessed in a recent ransomware attack.

The UK water supplier revealed that it plans to notify 5-10% of its customer base to inform them that their personal information has been impacted. With the firm serving around 4.6 million customers in Southern England, this could equate to between 230,000 and 460,000 people.

In addition, all current employees and some former employees will be notified that their personal data may have been accessed, the company said in a post on February 13, 2024.

These notifications will offer advice and guidance on the potential risks to those affected, and precautionary steps on how to mitigate them. They are likely to warn of the potential threat of phishing attacks and identity theft that may occur if the stolen data is used by threat actors.

Data Leaked by Black Basta

Southern first revealed it had suffered a data breach on January 23. This followed the apparent leak of personal data held by the firm by the Black Basta ransomware group.

The utilities company confirmed at the time that “a limited amount of data has been published.”

However, the firm’s operations and services to customers were not impacted.

Following an investigation with expert technical advisors, Southern said that data from a limited part of its server estate was stolen in the attack.

There is currently no new evidence of the stolen data being published online. Southern has engaged independent cybersecurity experts to continue monitoring the dark web for signs that the information has been leaked.

“They will continue to carry out their checks for as long as is necessary,” the company stated.

Southern added that it is continuing to work with the government, regulators, law enforcement and incident response experts to investigate the incident and discover any more suspicious activity on its IT estate.

Javvad Malik, Lead Security Awareness Advocate at KnowBe4, praised Southern’s transparency and adherence to incident response best practices.

“While Southern Water’s prompt acknowledgment of the breach and their engagement with cybersecurity experts to monitor potential data leaks is commendable, it highlights the persistent threat that cybercriminals pose to organizations, particularly ones in critical infrastructure,” he observed.

Southern Informs Impacted Customers

Several Southern customers contacted the firm on X (formerly Twitter) to check the validity of emails they received from the firm confirming their data was affected.

The screenshotted emails said the data accessed may include customers’ basic personal details for administering accounts and identifying them.

The company also appeared to offer impacted customers free identity and credit checks. Southern confirmed these emails were legitimate.

Rebecca Moody, Head of Data Research at Comparitech, told Infosecurity that Southern Water’s estimate that 5-10% of its customer base were impacted by the attack would make it one of the largest data breaches on a utilities company globally since 2018.

It will join Australia’s Optus, which was hit in September 2022 in a breach that affected 9.8 million customers. Satellite television company Dish Network was targeted in February 2023, and the data breach affected nearly 297,000 customers.

Chris Hauk, Consumer Privacy Advocate at Pixel Privacy, said that all customers and current and former employees should act under the assumption that their data has been accessed, and stay alert for targeted phishing attempts using the personal information.

“Customers and employees should take advantage of any credit monitoring offered by Southern Water and should also be sure to keep a close watch on all of their accounts, while also being alert for any newly opened accounts,” he advised.
