Southern Water, a UK utility company, has confirmed that customer data was stolen by a ransomware gang that attacked its systems in January 2024. The Black Basta crew claimed responsibility for the cyberattack and posted information about it on a dark web leak site. Southern Water has stated that a “limited part” of its servers had been compromised and customer data, including names, birthdates, National Insurance numbers, bank account details, and customer reference numbers, had been stolen. The company has begun notifying affected customers and has informed the Information Commissioner’s Office. Southern Water has also stated that no evidence of the stolen data being published online has been found so far. Additionally, the company is providing cyber advice and support measures for affected individuals, including free-of-charge credit monitoring.
Javvad Malik, lead security awareness advocate at KnowBe4, praised Southern Water’s response as an example of best practice in incident response. However, he also highlighted the need for individuals to be provided with clear instructions on how to safeguard themselves against potential misuse of the stolen data.
Authorities in the UK and the US are highly concerned about cyberattacks targeting critical national infrastructure operators like utilities. Such organizations are attractive targets both for financially motivated attackers, such as ransomware gangs, and for state-sponsored attackers. The potential consequences of such attacks include service disruption and even harm to public health through water supply disruption or tampering with chemical content. Southern Water may have been relatively fortunate in this case, as the attackers’ focus appeared to be data theft and extortion. However, the incident highlights the vulnerability of critical national infrastructure to hacking and the risks associated with compromised sensitive customer data.