South Staffordshire Water data breach exposes customer bank details  


Around 1.7 million people in England could be affected by a data breach at South Staffordshire Water and customers who pay their bills by direct debit may have had their bank details stolen. Cybercriminals are behind the data breach in what is suspected to have been an attempted ransomware attack. 

According to a statement from the water company, the criminal cyber-attack happened in August 2022. Since then, South Staffordshire Water has been “working with leading forensic experts to investigate fully what happened.” The statement also confirms that the “incident resulted in unauthorised access to some of the personal data we hold for a subset of our customers.” 

What details were accessed in the South Staffordshire Water data breach?

When South Staffordshire PLC, the parent company of South Staffordshire Water, first announced that it had suffered a cyberattack, it was believed that the criminals had accessed the personal data of current and former South Staffordshire Water employees. However, it now looks like customers are also impacted. The affected details include: 

  • Customer names  
  • Customer addresses  
  • Account numbers and sort codes (if used to set up direct debit payments). 

Were your details stolen by criminals in the South Staffordshire Water data breach?

If your details were put at risk, South Staffordshire Water will write to you to let you know.  If you do not receive this letter, it is unlikely that you are affected.  

If you do receive a letter confirming your involvement in the data breach, you should take immediate steps to protect yourself. Information stolen in breaches is often used to commit cybercrimes. Privacy violations have resulted in fraud, blackmail, and identity theft, so data breach victims are at high risk of being targeted by cybercriminals. Anyone who has been told that their data was compromised in the breach should take immediate steps to protect themselves. Our data protection experts have provided some guidance on how to do this.  

The South Staffordshire Water ransomware attack

When the attack first came to light, a ransomware group claimed to have hacked a different water company’s network (Thames Water) and demanded an extortion payment to prevent the release of the stolen data. Some of the stolen information was later shared on the dark web. However, the hackers misidentified the water company and it was South Staffordshire Water that was affected.  

The hackers also claimed that they could change the chemical composition of the water, but stressed that they were “not interested in causing harm to people”. South Staffordshire Water rebuffed claims that the criminals could poison water supplies. 

Are you involved in the South Staffordshire Water data breach?

South Staffordshire Water has contacted the affected individuals. And, if you are involved in this breach, you may have a claim for compensation. If you have not received notification, but are worried that you might be involved, you should contact South Staffordshire Water for clarification. 

Keller Postman UK has launched an action to help those involved in the South Staffordshire Water data security failure claim compensation for any distress or financial losses experienced because of this breach.  We urge anyone affected to register with us. 

Share this article: