{
	"id": "3cb4b02a-0f27-4198-93be-e69fb6431891",
	"created_at": "2026-04-06T01:30:30.507861Z",
	"updated_at": "2026-04-10T13:12:35.828014Z",
	"deleted_at": null,
	"sha1_hash": "31ed84c76038a269c5a1d4e85500ee7d21fdeda2",
	"title": "Ransomware group may have stolen customer bank details from British water company",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 86360,
	"plain_text": "Ransomware group may have stolen customer bank details from\r\nBritish water company\r\nBy Alexander Martin\r\nPublished: 2023-01-09 · Archived: 2026-04-06 00:29:27 UTC\r\nSouth Staffordshire Water, which supplies water for more than 1.7 million people in England, has said that an\r\nattempted ransomware attack in August may have enabled cybercriminals to steal customer bank details.\r\nAt the time of the incident the company stressed that water supply was not affected, although its corporate\r\nnetwork was experiencing disruptions. The company said in an update on Wednesday that customers who paid by\r\ndirect debit may have had their bank details stolen.\r\n“Since the incident, we’ve been working with leading forensic experts to investigate fully what happened. Our\r\ninvestigation has now found that the incident resulted in unauthorized access to some of the personal data we hold\r\nfor a subset of our customers,” the company announced.\r\nThe affected details include the names and addresses associated with customers’ accounts as well as the bank\r\ndetails (account numbers and sort codes) used to set up direct debit payments. South Staffs said it is writing letters\r\nto the affected customers.\r\nThe company also said it had notified a number of regulatory bodies, including the National Crime Agency,\r\nNational Cyber Security Centre, and the water services regulation authority Ofwat.\r\nWater suppliers are required to report cybersecurity incidents to Ofwat under the U.K.’s Network and Information\r\nSystems (NIS) Regulations. However, the reporting obligation only applies to incidents which ultimately impact\r\nwater supply, which the ransomware attack did not. The government announced yesterday it would update the\r\nlegislation so that service providers would need to notify regulators “of a wider range of incidents.”\r\nThe attack on South Staffs Water was one of several ransomware incidents in the U.K. which have dominated\r\nrecent Cabinet Office Briefing Rooms (COBR) meetings, bringing in officials from across government to assess\r\nthe risks they pose to critical services.\r\nThe Cl0p ransomware group, which appears to be behind the attack, bungled its initial extortion attempt targeting\r\nSouth Staffs back in August when the hackers mistakenly claimed to have accessed a different water company’s\r\nnetwork.\r\nThe group’s leak site also claimed that the hackers decided not to encrypt the company’s files and that they were\r\ndemanding an extortion payment to prevent the release of stolen data and to disclose how they managed to access\r\nthe company’s network.\r\nLaw firm Hayes Connor said it is currently working with 18 of the company’s employees “who have been affected\r\nby this data breach, with more clients expected to make a claim.”\r\nhttps://therecord.media/ransomware-group-may-have-stolen-customer-bank-details-from-british-water-company/\r\nPage 1 of 3\n\n“The information that we have received regarding the South Staffordshire Water data breach is very concerning.\r\nWhen a company of such large scale experiences a data breach, it means a significant amount of personal data is\r\nlikely at serious risk of being misused,” said Richard Forrest, the firm’s legal director. \r\n“When financial data is in jeopardy, individuals can fall victim to identity or takeover fraud. Criminals can then\r\nuse this information to extract funds from the victim's bank account, as well as buy products and services, leading\r\nto both financial loss and emotional distress.”\r\nGet more insights with the\r\nRecorded Future\r\nIntelligence Cloud.\r\nLearn more.\r\nNo previous article\r\nNo new articles\r\nhttps://therecord.media/ransomware-group-may-have-stolen-customer-bank-details-from-british-water-company/\r\nPage 2 of 3\n\nAlexander Martin\r\nis the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and a fellow\r\nat the European Cyber Conflict Research Initiative, now Virtual Routes. He can be reached securely using Signal\r\non: AlexanderMartin.79\r\nSource: https://therecord.media/ransomware-group-may-have-stolen-customer-bank-details-from-british-water-company/\r\nhttps://therecord.media/ransomware-group-may-have-stolen-customer-bank-details-from-british-water-company/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://therecord.media/ransomware-group-may-have-stolen-customer-bank-details-from-british-water-company/"
	],
	"report_names": [
		"ransomware-group-may-have-stolen-customer-bank-details-from-british-water-company"
	],
	"threat_actors": [],
	"ts_created_at": 1775439030,
	"ts_updated_at": 1775826755,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/31ed84c76038a269c5a1d4e85500ee7d21fdeda2.pdf",
		"text": "https://archive.orkl.eu/31ed84c76038a269c5a1d4e85500ee7d21fdeda2.txt",
		"img": "https://archive.orkl.eu/31ed84c76038a269c5a1d4e85500ee7d21fdeda2.jpg"
	}
}