ACCORDING to the Information Commissioner’s Office (ICO), utility company South Staffordshire Water was fined £963,900 after a cyber attack that led to users’ personal information being extracted and published on the dark web. The ICO said the breach occurred from September 2020 to July 2022 and exposed the data of 633,887 customers and employees. The regulator found that South Staffordshire Water failed to implement appropriate security controls required under UK data protection law. The fine was issued last week, on 7 May 2026. The breach was identified when IT performance issues prompted an internal investigation on 15 July 2022.
UK: Regulator fines water company almost £1m for cybersecurity failures
Article by CyberSIXT
Timeline Coverage
Swipe to explore timeline
-
South Staffs Water breach victims feel violated after £963k fine
databreaches.net
-
UK: Regulator fines water company almost £1m for cybersecurity failures
-
UK Water Firm Fined Nearly £1m After Massive Customer Data Breach
infosecurity-magazine.com