U.Ok.-based water utility Southern Water has confirmed that hackers stole the private knowledge of as many as 470,000 clients in a latest data breach.
Southern Water, which supplies water and wastewater companies to thousands and thousands of individuals throughout the South East of England, mentioned in a press release on Tuesday that it plans to inform “5 to 10 %” of its buyer base that that they had private data stolen by hackers throughout a cyberattack in January.
The utility big declined to say precisely what number of people are thus far affected. Simon Fluendy, a spokesperson for Southern Water, informed information.killnetswitch that the corporate has roughly 4.7 million clients, and didn’t dispute that between 235,000 and 470,000 clients had knowledge stolen.
Southern Water notes that the “5 to 10 %” determine is predicated on its ongoing forensic investigations, suggesting the precise variety of people affected could possibly be larger.
Southern Water declined to say what knowledge was stolen. BBC Information experiences that hackers accessed clients’ dates of start, nationwide insurance coverage numbers, checking account particulars and reference numbers.
Southern Water mentioned it additionally deliberate to inform “all of our present workers and a few former workers” concerning the breach of their private data. In its newest annual report, Southern Water says it has roughly 6,000 workers.
The January cyberattack on Southern Water, which the corporate first disclosed on January 23, was claimed by the Black Basta ransomware group, a Russia-linked gang that final yr took accountability for a hack on U.Ok. outsourcing big Capita.
Southern Water has not but commented on the specifics of the incident or how its techniques had been compromised.
Black Basta listed Southern Water on its darkish internet leak web site quickly after the cyberattack final month and claimed to have stolen 750 gigabytes of delicate knowledge from the group, together with company paperwork and clients’ private paperwork.
On the time of writing, Southern Water is now not listed on Black Basta’s web site. It’s not unusual for sufferer firms who pay a ransom to the hackers to have their public listings eliminated. Southern Water declined to say whether or not it had paid a ransom demand.
In its assertion printed on Tuesday, Southern Water says it’s working with cybersecurity consultants to observe the darkish internet. Because the utility’s itemizing on the ransomware gang’s web site, Southern Water says it has “discovered no new proof of the info probably concerned on this cyber incident being printed on-line.”
Southern Water says it has notified the U.Ok.’s knowledge safety regulator, the Info Commissioner’s Workplace, concerning the incident.
