A UK water company, South Staffordshire Water, was fined £963,900 by the Information Commissioner's Office (ICO) for failing to detect and respond to a cyberattack that lasted nearly two years. The Cl0p ransomware group infiltrated the company's systems, resulting in the exposure of personal data belonging to 633,887 customers and employees in August 2022. The ICO's investigation revealed that the company's inadequate security measures allowed the hackers to remain undetected for an extended period [1]. The fine highlights the importance of implementing robust cybersecurity controls to prevent and detect attacks. The prolonged duration of the breach and the significant amount of sensitive data exposed underscore the severity of the incident. This incident matters to cybersecurity practitioners because it emphasizes the need for continuous monitoring and incident response planning to mitigate the impact of cyberattacks and protect sensitive data.
UK water company allowed hackers to lurk undetected for nearly two years, regulator finds
⚡ High Priority
Why This Matters
The Information Commissioner's Office (ICO) fined South Staffordshire Water £963,900 ($1.3 million) on Monday over an attack by the Cl0p ransomware group that led to the personal.
References
- The Record. (2026, May 11). UK water company allowed hackers to lurk undetected for nearly two years, regulator finds. The Record Cyber. https://therecord.media/uk-water-company-had-hackers-lurking-for-years
Original Source
The Record Cyber