Fears South Staffs Water cyber attack victims’ bank details could be ‘available on dark web’
Victims of a cyber attack fear their details could be available on the dark web after employee payroll details were targeted, solicitors have said. South Staffs Water revealed in August it had been targeted in a cyber attack.
Now solicitors at Hayes Connor have said they are currently working with 18 employees who have been affected by the attack, adding that they fear becoming the target of identity fraud. The water company supplies drinking water to 1.3 million people across the county, including in Burton and Uttoxeter.
Richard Forrest, legal director at Hayes Connor said that in a letter written to employees and customers, the company confirmed that personal data, including bank details, had been compromised following a substantial cyber-attack. The identified documents are believed to include employee and customer names, current addresses, and bank details of those who pay by direct debit.
He added that the solicitors understand that the data stolen in the cyber attack is believed to be visible on the dark web, posing a significant threat to any individuals affected, he claimed.
Mr Forrest said: "The information that we have received regarding the South Staffordshire Water data breach is very concerning. When a company of such large scale experiences a data breach, it means a significant amount of personal data is likely at serious risk of being misused.
"When financial data is in jeopardy, individuals can fall victim to identity or takeover fraud. Criminals can then use this information to extract funds from the victim's bank account, as well as buy products and services, leading to both financial loss and emotional distress.
"It is also worrying that there has been no indication as to how many individuals have been affected so far, especially when you consider the size of the company, and that former employees and customers may also be impacted."
The team at Hayes Connor has advised victims to report any fraudulent credit card activity to the police, to contact their bank immediately for advice, and seek repayment for any lost funds.
A spokesman for South Staffs Water said: "In August we announced that South Staffordshire PLC, the parent company of South Staffs Water and Cambridge Water, had been the target of a criminal cyber attack. We’ve been working with leading forensic experts to investigate fully what happened.
"We notified employees in September after the investigation identified that payroll data had been impacted so that we could provide appropriate support. Since then, the investigation has continued and data relating to some of our customers has also been identified, which is why we’ve notified some customers.
"We have put a full package of support in place, first for our employees and then our customers, including free access to a credit monitoring service for a year. This support is ongoing and we continue to keep our staff updated as our investigation progresses.
"We understand that people trust us to keep their data safe and we’re sorry to all those impacted, who we are committed to supporting as best we can. We will continue to invest in protecting our employees, customers, and systems."