Bank details may have been stolen in cyber attack

The company says it's contacting those affected

Author: Jo RawlingsPublished 13th Feb 2024
Last updated 13th Feb 2024

It's feared personal information, including bank details, may have been stolen in a cyber attack on Southern Water.

Bosses say they're contacting those customers affected, which we're told is between 5 and 10%.

Southern Water, which has 4.6 million customers in Hampshire, the Isle of Wight, Sussex and Kent, has confirmed it was targeted last month.

The company says independent cybersecurity experts are monitoring the “dark web” but so far they've found no evidence of the data being published online.

Police, the National Cyber Security Centre and Information Commissioner's Office have been told.

In a statement, Southern Water said: "We have confirmed that data from a limited part of Southern Water’s server estate was stolen and is at risk following an illegal intrusion into our IT systems. This arises from our ongoing investigation into suspicious activity, as detailed in our statement on 23 January 2024.

"We are very sorry that this has happened.

"We continue to work with our expert technical advisers to confirm whose data is at risk. Our initial assessment is that this is the case for some of our customers and current and former employees.

"We have engaged leading independent cybersecurity experts to monitor the “dark web”. They continue to report to us that, since we were named on the cyber criminals’ site on 22 January 2024, they have found no new evidence of the data potentially involved in this cyber incident being published online. They will continue to carry out their checks for as long as is necessary.

"We take data protection and information security very seriously and, in accordance with our regulatory obligations, we are making contact with anyone whose personal data may be at risk.

"These notifications will offer security advice, as well as guidance on recommended precautionary steps and details of the support we are offering them.

"Throughout this process we have been working with Government, our regulators and the National Cyber Security Centre. We have also notified the police and the Information Commissioner's Office.

"Since the incident, our IT security teams have worked with independent incident response experts, using enhanced monitoring and protection tools to check actively for any suspicious activity on our IT estate. Southern Water’s operations and services to customers have not been impacted."

First for all the latest news from across the UK every hour on Hits Radio on DAB, at hitsradio.co.uk and on the Rayo app.