UK’s Southern Water reports huge leak - hundreds of thousands of customer’s data stolen by hackers

Data leak
(Image credit: Shutterstock)

Up to 470,000 UK customers of water provider Southern Water may have had their data stolen by hackers, the company has warned.

While investigations into exactly how many customers have been affected are still ongoing, Southern Water released a statement saying that they are planning to notify “5 to 10 percent” of its customers.

A BBC report said included in the stolen data were customers’ bank account details and reference numbers, national insurance numbers and dates of birth. Southern Water has not commented on exactly what data has been stolen.

Another data leak? Dam it!

A statement from Southern Water spokesperson Simon Fluendy confirmed to TechCrunch that between 235,000 to 470,000 of its 4.7 million customers' data had been stolen in the breach.

The company also plans to notify its 6,000 current employees and a number of former employees whose data may have also been stolen by the hackers.

While Southern Water has not commented on how their networks were breached, shortly after the incident a cyber-gang known as Black Basta posted that they had stolen 750 gigabytes of data from the company, and would release it if a ransom was not paid.

The gang also posted images supposedly confirming their possession of the data which included sensitive information such as employee passports.

Southern Water has said that it is working with experts to determine the extent of the damage and has notified the Information Commissioner's Office (ICO) about the incident. The ICO and the National Cyber Security Centre recently released a joint letter urging members of the public to not pay ransoms if their data is stolen.

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict Collins is a Staff Writer at TechRadar Pro covering privacy and security. Benedict is mainly focused on security issues such as phishing, malware, and cyber criminal activity, but also likes to draw on his knowledge of geopolitics and international relations to understand the motivations and consequences of state-sponsored cyber attacks. Benedict has a MA in Security, Intelligence and Diplomacy, alongside a BA in Politics with Journalism, both from the University of Buckingham.