ICO fines Cl0p victim South Staffs Water over data breach | Computer Weekly
Briefly

"Utility operator South Staffordshire Plc and its subsidiary South Staffordshire Water Plc have been fined a reduced rate of £964,900 by the Information Commissioner's Office (ICO), following improvements made after a Cl0p ransomware attack that led to the personal data of over 600,000 people being leaked onto the dark web."
"The exposed data included personal details of South Staffordshire customers, such as full names, birthdates and gender information, account information including credentials for online services, financial data including bank account numbers and sort codes, and contact details including email and postal addresses, and phone numbers."
"A small percentage of customers listed on the Priority Service Register had information exposed from which medical information may have been inferred, and a small number of employees were also affected by a leak of human resources data including National Insurance numbers."
"“Customers do not have the choice over which water company serves them - they are required to share their personal information and place their trust in that provider,” said Ian Hulme, ICO interim executive director for regulatory supervision. “It is therefore essential that water companies honour that trust by taking their data protection responsibilities seriously.”"
A Cl0p ransomware attack against South Staffordshire Plc and South Staffordshire Water Plc was discovered in August 2022. The attackers initially misidentified the victim and claimed they were targeting Thames Water, with claims repeated widely in UK media. The exposed information included customers’ full names, birthdates, gender, account credentials for online services, financial details such as bank account numbers and sort codes, and contact details including email, postal addresses, and phone numbers. Some Priority Service Register customers had data from which medical information could be inferred. A small number of employees had human resources data exposed, including National Insurance numbers. The ICO found significant failures in data security and imposed a reduced fine of £964,900 after improvements were made.
Read at ComputerWeekly.com