Southern Water, the UK-based water supplier serving around 4.6 million customers across Southern England, recently confirmed that it experienced a data breach following an alleged attack by the Black Basta ransomware group. In a post on January 23, 2024, the company admitted that “a limited amount of data has been published” by cybercriminals. The leaked information included scans of identity documents such as passports and driving licenses, HR-related documents with personal data, and corporate car-leasing documents.
Despite the breach, Southern Water emphasized that its usual services have not been impacted by the incident. The company also stated that it has informed the UK government and relevant regulators, such as the Information Commissioner’s Office (ICO), about the incident, and is continuing its investigation in line with guidance from the National Cyber Security Centre (NCSC).
Responding to concerns about the breach, Southern Water provided a statement on its social media account, reassuring customers that there was no evidence that the firm’s customer relationships or financial systems had been affected.
Cybersecurity experts, including Jamie Akhtar, Co-Founder and CEO at CyberSmart, commented that the breach could be the result of a supply chain attack, as some of the leaked documents are branded with the logos of Greensands, the parent company of Southern Water.
Black Basta, the Russian-speaking ransomware group responsible for the attack, has been identified as one of the most prolific ransomware actors in recent years. The group has made over $100 million from ransomware attacks, according to an analysis published by Corvus Insurance in November 2023.
The incident involving Southern Water reflects a broader trend of increasing cyber-threats targeting critical infrastructure in the water sector. The attacks on Southern Water and Veolia Water, a North America subsidiary, have raised alarms about the vulnerability of the water industry to cyber-threats. Recent warnings from security agencies such as the UK’s NCSC and the US Cybersecurity and Infrastructure Security Agency (CISA) have highlighted the urgent need for water firms to modernize their cybersecurity practices and apply best-practice security measures.
Geoffrey Mattson, CEO of Xage Security, noted that sectors like water are particularly vulnerable to cyber-attacks because they rely on legacy operational technology (OT) systems that have limited cybersecurity capabilities built in. Security experts have underscored the urgency of implementing preventive security measures in critical infrastructure sectors like water.
The recent incident involving Southern Water underscores the importance of proactive and robust cybersecurity measures in safeguarding sensitive customer data and ensuring the security and resilience of essential services in the water sector. As the digital threat landscape continues to evolve, water companies are facing a pressing need to modernize their cybersecurity practices and mitigate the risks posed by sophisticated cyber-threats.