Water customers’ bank details published on dark web after cyber attack
BANK details of South Staffs Water customers have been published on the dark web after a cyber attack. The data breach took place in August and saw cyber criminals steal sensitive information.
The firm said the “impacted data” included names and address of customers - alongside sort codes and account numbers. In a letter to those affected, it warned their data could be used in fraud cases.
In a statement published on the company website, managing director Andy Willicott personally apologised for the incident.
But the incident stunned customers who received the letter in the past few days.
The document gave no details of how the hack beat South Staffs’ security systems.
The company said it brought in forensic IT experts to investigate the incident and informed various organisations about what happened, including the National Crime Agency. But customers were angered by the letter informing them of the dark web threat - particularly as it urged individuals to “always be vigilant of fraud”.
One customer, who wished to remain anonymous, told the Post: “The managing director keeps trying to minimise the issue and even takes the opportunity to remind me to ‘always be vigilant of fraud and wary of anyone who asks you for personal information’. “I am careful! I wish private companies were more careful with their customer’s data.”
In a statement released on the company website, Mr Willicott said: “Consumers can have complete confidence that the water we supply is safe. We understand customers trust us to keep their data safe and I’d personally like to say sorry to all those customers impacted - we’ll be doing what we can to support you through this.
“We will continue to invest in protecting our customers, our systems, and our data.” South Staffs Water is a privately-owned water supply company that serves parts of the West Midlands and Staffordshire.