South Staffordshire Water Plc and South Staffordshire Plc were fined £963,900 after a cyberattack exposed the personal data of 663,887 customers and employees, with the ICO confirming the leaked data was authentic. The breach began with a phishing attack in 2020, went undetected for 20 months, and involved malware that led to privilege escalation and domain administrator access. #SouthStaffordshireWaterPlc #SouthStaffordshirePlc #ICO #Cl0p
Keypoints
- The ICO fined South Staffordshire Water Plc and South Staffordshire Plc £963,900 for a major data breach.
- The attack exposed personal data of 663,887 customers and employees.
- The breach began with phishing and malware installation in September 2020.
- Attackers later escalated privileges and gained domain administrator access.
- Security failures included weak monitoring, obsolete software, and poor patch management.