Thousands of Southern Water’s customers have had their data stolen in a cyber attack, the company has announced.
Southern said that the cyber attack is believed to have affected between 5% and 10% of its customer base.
The water company provides water services to 2.5 million customers and wastewater services to more than 4.7 million customers across Sussex, Kent, Hampshire and the Isle of Wight.
The cyber attack has also compromised data relating to current and former employees.
A Southern Water spokesperson said: “Data from a limited part of its server estate was stolen and is at risk following an illegal intrusion into our IT systems. We are very sorry that this has happened.
“We continue to work with our expert technical advisers to confirm whose data is at risk.”
In an email to customers, Southern said that data including names, dates of birth, national insurance numbers, bank account details and reference numbers could have been stolen.
The company said it had been monitoring suspicious activity on the dark web since it was named on a cyber crime website last month.
The Black Basta ransomware group claimed the attack and published some data it stole, which included:
- Scans of identity documents such as passports and driving licenses
- HR-related documents, displaying the personal data including home address, office address, dates of birth, nationalities, and email addresses
- Corporate car-leasing documents
A Southern Water spokesperson added: “We have engaged leading independent cybersecurity experts to monitor the dark web.
“They continue to report to us that, since we were named on the cyber criminals’ site on 22 January 2024, they have found no new evidence of the data potentially involved in this cyber incident being published online.
“They will continue to carry out their checks for as long as is necessary.”
The government, Ofwat and the National Cyber Security Centre, as well as the Information Commissioner’s Office have all been notified of the attack.
Since the incident, Southern said its IT security teams have worked with independent incident response experts, using enhanced monitoring and protection tools to check for any suspicious activity.
The firm added that its operations and services will not be impacted by the data breach.