South Staffs Water - Customers Criminal Cyber-Attack.

Hi, I have today received notification from South Staffs Water that due to a cyber attack back in August that my banking details and personal details are now accessibly via the dark web to criminals. The letter is 6 pages long. One piece of advice is for me to pay £25 to set up Protective Registration with CIFAS. This informs lenders that you think your data could be at risk of fraud, due to this cyber attack. Should I, as the customer, be able to get this paid for by South Staffs? It is no faulty of mine after all? Any feedback be welcome.
«13

Comments

  • Swipe
    Swipe Posts: 4,987
    Name Dropper First Post First Anniversary
    Forumite
    I would push for them to pay for it. If you get no joy, take it up with your MP.
  • DullGreyGuy
    DullGreyGuy Posts: 8,983
    First Anniversary First Post Name Dropper
    Forumite
    Are they offering compensation of £25 or more? In which case its not too unreasonable to say that the compensation should be used to fund the CIFAS registration if you decide to use it. 
  • Evening All,

    I am after some advice about this, please. I received the letter today and just read through it. No apology for the breach, just almost blaming us, the customer and what steps WE can take to avoid fraudulent activity!!!! The letter says that the "impacted data" included names and address of customers - alongside sort codes and account numbers.

    On their company website, the managing director 'apologised' for the incident, although the letter expressed "regret" and did not actually say sorry. It then goes on to say "Consumers can have complete confidence that the water we supply is safe." !!!!! WHAT!!!!! It's not the water that has been hacked, it's our personal financial details.

    The letter is very frustrating. The managing director keeps trying to minimise the issue and even takes the opportunity to remind customers to 'always be vigilant of fraud and wary of anyone who asks you for personal information.' !!!!!!!!!!!!!!!!!!!!!!!!

    The letter said: "The investigation found data related to some of our current customers who pay for their water bill via direct debit was accessed by the group responsible for the attack and was subsequently published on the part of the internet not accessible via search engines - known as the dark web."

    I mean, where do I stand legally? Is there anything that can be done, or have they covered themselves from a GDPR point of view in terms of following the steps necessary, whatever they are?

    Kind Regards,

    Patrick.



  • billy2shots
    billy2shots Posts: 1,122
    First Anniversary First Post Name Dropper
    Forumite
    Evening All,

    I am after some advice about this, please. I received the letter today and just read through it. No apology for the breach, just almost blaming us, the customer and what steps WE can take to avoid fraudulent activity!!!! The letter says that the "impacted data" included names and address of customers - alongside sort codes and account numbers.

    On their company website, the managing director 'apologised' for the incident, although the letter expressed "regret" and did not actually say sorry. It then goes on to say "Consumers can have complete confidence that the water we supply is safe." !!!!! WHAT!!!!! It's not the water that has been hacked, it's our personal financial details.

    The letter is very frustrating. The managing director keeps trying to minimise the issue and even takes the opportunity to remind customers to 'always be vigilant of fraud and wary of anyone who asks you for personal information.' !!!!!!!!!!!!!!!!!!!!!!!!

    The letter said: "The investigation found data related to some of our current customers who pay for their water bill via direct debit was accessed by the group responsible for the attack and was subsequently published on the part of the internet not accessible via search engines - known as the dark web."

    I mean, where do I stand legally? Is there anything that can be done, or have they covered themselves from a GDPR point of view in terms of following the steps necessary, whatever they are?

    Kind Regards,

    Patrick.



    How much do you want?
  • I mean, where do I stand legally? Is there anything that can be done, or have they covered themselves from a GDPR point of view in terms of following the steps necessary, whatever they are?
    The ICO will oversee their response to the data breach. They have reported to the ICO, they will be fined, they will have to change/upgrade their systems, they may be required to provide CIFAS protective registration to people who were part of the data breach. 

    What you do is keep an eye on your credit files as everyone should do and carry on as normal. 
  • FreedomBringsPeace
    FreedomBringsPeace Posts: 98
    First Anniversary Name Dropper First Post
    Forumite
    edited 13 January 2023 at 12:31PM
    Apparently tberes been a serious data breach at south staffordshire water. Alot of staff and customers data is now visible on the dark web, im quite concerned about this. What do i do if anything? 
  • You don't need to do anything.
  • CKhalvashi
    CKhalvashi Posts: 12,031
    First Anniversary First Post Photogenic Name Dropper
    Forumite
    If you are personally affected it will be recommended to change any passwords, including those that use the same login details as those for your water account.

    In future I'd recommend using a throwaway email account that forwards to your main one to ensure you are free from spam, I've done this for years.

    Other than this at this stage there isn't a lot that can be done.
    💙💛 💔
  • p00hsticks
    p00hsticks Posts: 12,573
    First Post Name Dropper Photogenic First Anniversary
    Forumite
    Have you actually received a letter from South Staffs Water ?
    I understand from this article that they've written to al lthose customers potentially affected advising them what steps to take.
    (From this report it, It sounds like a bit of a botch job on the part of the hackers - they actually hacked South Staffs but made their ransom demand to Thames water, and were then bemused when Thames didn't respond to them!)  

  • Keep_pedalling
    Keep_pedalling Posts: 16,125
    First Anniversary First Post Name Dropper Photogenic
    Forumite
    I had the letter this morning (Cambridge Water customer). Not worried about passwords as I don’t have have one with them. 
Meet your Ambassadors

Categories

  • All Categories
  • 341.4K Banking & Borrowing
  • 249.6K Reduce Debt & Boost Income
  • 449K Spending & Discounts
  • 233.5K Work, Benefits & Business
  • 605.5K Mortgages, Homes & Bills
  • 172.3K Life & Family
  • 246.5K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.8K Discuss & Feedback
  • 15.1K Coronavirus Support Boards