Express & Star

South Staffs Water reveals bank account details targeted in cyber attack

South Staffs Water revealed today that customer bank details were targeted in a major criminal cyber attack.

Published
Last updated
The main water provider in Staffordshire was targeted by a criminal cyber-attack

South Staffordshire PLC, the parent company of South Staffs Water and Cambridge Water, announced the attack via a statement.

South Staffs Water provides drinking water to approximately 1.3m people and has a head office in Walsall.

The mass hack took place on August 16 by criminal hackers who accessed various areas including the IT admin systems.

The water treatment company has now confirmed that customer information, including direct debit payment information, was also targeted and potentially leaked online.

A statement released by the water company said that customers who pay their water bills by direct debit may be impacted, while customers who do not pay by direct debit would not be.

Andy Willicott, managing director of South Staffs Water, said: "We understand that customers trust us to keep their data safe and I'd personally like to say sorry to all those customers impacted.

"We'll be doing what we can to support you through this."

The information comes after the supposed hackers released an unverified statement saying that they had accessed the plant's water control system.

Mr Willicott continued: "We continue to supply safe water to all of our South Staffs Water customers. Our customer service, operations and maintenance teams also continue to operate as usual.

"We will continue to invest in protecting our customers, our systems, and our data."

In a letter, given to customers who the attack may have affected, South Staffs Water notes the impacted data as, name and current address, bank details of those who pay by Direct Debit and personal details relating to providing clean water.

A disgruntled Wolverhampton customer, who wanted to remain anonymous, said: "The main concern I have is that a bogus direct debit mandate could be created using the stolen customer details.

"My feeling is that these attacks may not form part of the bank's anti-fraud measures, but we'll have to see."

The organisation has now put in place a support package for customers who have been affected, including a dedicated helpline for inquiries and questions.

The investigation previously launched by South Staffs Water is still ongoing, with the organisation working closely with the police and with relevant government bodies.