Tue, 12 May 2026
The hack went undetected by the Staffordshire firm for 20 months, regulator says.
* A water company, South Staffordshire, has been fined £963,900 by the Information Commissioner's Office (ICO) after a cyber attack in 2020.
* The hack took place between May and July 2022 and resulted in the theft of personal data belonging to 633,887 people.
* The hackers used a phishing email to gain access to the company's systems, which remained undetected for 20 months.
* The breach was discovered when IT performance issues prompted an internal investigation on 15 July 2022.
* The ICO found that South Staffordshire failed to bring in adequate security controls and allowed the hackers to operate largely undetected due to minimal monitoring of their activities.
* The company reported a personal data breach and discovered more than 4.1 terabytes of data were published on the dark web, including bank details of customers and National Insurance numbers of staff.
* South Staffordshire made an early admission of liability and agreed to pay the penalty without appeal.
Terms of Use | Privacy Policy | Manage Cookies+ | Ad Choices | Accessibility & CC | About | Newsletters | Transcripts
Business News Top © 2024-2025