A statement by Southern Water on 12th February 2024 confirmed that it was the target of a cyber attack which put hundreds of thousands of customers’ and employees’ data at risk. In this article, we discuss the Southern Water data breach, compensation claims, and what you can do if you believe your data has been compromised.
Public Interest Lawyers are experts in the field of data breach compensation claims. In this guide, we provide useful advice on securing your personal data and also outline how we help clients claim on a No Win No Fee basis.
Key Takeaways
- Southern Water announced in January 2024 that it was investigating reports of suspicious activity.
- They released a further statement in February 2024, revealing that an illegal cyber attack had been carried out on their IT systems.
- Early estimates indicate that up to 500,000 customers and more than 2,000 of Southern Water’s current and former employees were impacted.
- Southern Water swiftly notified those they believed were at risk.
- The data breach has not affected Southern Water’s services.
What Happened In The Southern Water Data Breach?
Southern Water informed the public in a statement on 23rd January 2024 that it was aware of claims that data had been stolen from its IT systems.
They indicated that suspicious activity had been detected before that time and that an investigation had been launched.
On 12th February, they confirmed that an “illegal intrusion” had occurred and that five to 10 per cent of their customer base would be informed that their personal data was impacted. Southern Water also notified their current employees, as well as some previously employed by the company.
As the main water provider for Kent, Sussex, Hampshire and the Isle of Wight, Southern Water delivers essential water services to 2.7 million customers. It is the wastewater service handler for around 4.7 million people too.
Based on these figures, The Telegraph estimated that around 500,000 customers had been affected by the Southern Water data breach.
As reported by multiple sources including Securityaffairs.com, the Black Basta ransomware gang claimed responsibility for the cyber attack in January 2024. It was also reportedly behind attacks on South Staffordshire Water and the outsourcing firm Capita in 2022 and 2023 respectively.
Southern Water stated:
“We are very sorry that this has happened. We continue to work with our expert technical advisers to confirm whose data is at risk. Our initial assessment is that this is the case for some of our customers and current and former employees.”
They have also flagged the incident with the Information Commissioner’s Office (ICO), an independent body that upholds UK citizens’ data rights.
They have not confirmed exactly how many people were affected, and whether the stolen data remains available online.
However, Southern Water assured customers and stakeholders that its regular services are unaffected and operating as normal.
Whose Data Was Impacted By The Cyber Attack?
Technology news site The Register reported that Black Basta claimed to have stolen 750GB of personal data.
No definite figures have been published. However, it is understood that up to 500,000 Southern Water customers were affected.
Data belonging to around 2,000 employees is also believed to be at risk. Furthermore, an unspecified number of ex-employees have also been informed that their data was compromised.
What Sort Of Data Could Have Been Compromised?
Southern Water stores many types of personal data belonging to customers and employees. This will include basic information such as their:
- Name.
- Address.
- Email address.
- Phone number.
- Date of birth.
- National Insurance number.
Financial data may also be stored, like:
- Bank account numbers.
- Sort codes.
- Card information.
- Utility bills with financial information attached.
Employees in particular may have what the ICO defines as ‘special category’, or particularly sensitive data, stored in the company’s systems. Personal data compromised may include:
- Forms of identification such as a passport photo.
- HR documents.
- Personal information such as trade union membership.
How Could The Breach Affect Those At Risk?
Our panel’s specialist data breach solicitors are often approached by clients who experienced the effects of a personal data breach in different ways.
Some may suffer a psychological injury as a result of the breach. The knowledge that personal data is available online can lead to undue stress, anxiety or depression. A data breach can even be a threat to some people’s safety, depending on who can access it. The emotional harm is known in legal terms as non-material damage.
Alternatively, a personal data breach can cause financial loss. It is possible that a data breach can lead to hackers taking credit in an affected customer’s name. Data breach lawyers may refer to this as material damage.
Southern Water has confirmed that customers affected by the data breach will be given a 12-month subscription to enhanced credit monitoring by Experian, which is designed to help protect them from credit fraud.
It is possible to claim for one of the two types of damage or both. However, it is important to note that even if you were affected by the Southern Water data breach, compensation is not guaranteed.
You can learn more by calling the number at the top of this page today.
What You Can Do If Affected By The Southern Water Data Breach
Southern Water was required to inform affected individuals without delay in accordance with the Data Protection Act 2018 and the UK’s General Data Protection Regulation (UK GDPR.)
If you were affected, you should have received a data breach notification letter or email from Southern Water. The notification would explain that your data has been compromised, identify what data is at risk, and talk you through how they are dealing with the issue.
You do not need to report the breach to the ICO, as Southern Water have done so already. However, you can talk to them if you have any concerns with how the investigation is being handled, or if you believe you were affected by the data breach but have not been notified.
It’s worth contacting your bank if you received a letter of notification. The bank can provide advice on securing your account or changing your account to prevent financial fraud.
If you are struggling emotionally, expert support is available. You can discuss your anxiety, fear or panic with the NHS or another healthcare provider to get the support you need.
Also, you can contact us to discuss the Southern Water data breach or compensation claims. Our advisors provide round-the-clock free guidance for anyone, including those affected by the breach.
Further Guidance On The Southern Water Data Breach And Compensation Claims
You may have a valid Southern Water data breach compensation claim if you can show there was positive wrongful conduct on the organisation’s part that led to you suffering one or a combination of material and non-material damage.
If an expert solicitor from our panel finds that you have a valid claim, they could support your case under No Win No Fee terms. This arrangement means that you pay nothing in legal fees before or during the claim.
You would only pay a fee if the claim succeeds and you receive compensation. The percentage of your compensation that can be taken by a solicitor is capped at a minority level by law.
If you have any questions about the cyber attack on Southern Water and your legal rights if you have been affected, you can contact us online. Alternatively, reach an advisor by calling 0800 408 7825 today.
More Data Breach Guidance From Public Interest Lawyers
If you want more information after learning of the Southern Water data breach about compensation claims, we have numerous guides such as the ones below:
- Information on claims for a breach of UK GDPR by a data controller or processor.
- Details on claiming for depression caused by a personal data breach.
- Guidance for employees on what to do if their employer breached the UK GDPR and when they can claim compensation.
Sources
The Telegraph: https://www.telegraph.co.uk/business/2024/02/13/southern-water-warns-up-to-500000-customers-that-russia-lin/#:~:text=Southern%20had%20originally%20claimed%20it,m%20water%20and%20wastewater%20customers.
The Register: https://www.theregister.com/2024/01/23/southern_water_confirms_cyberattack
Security Affairs: https://securityaffairs.com/157951/cyber-crime/black-basta-gang-claims-the-hack-of-the-uk-water-utility-southern-water.html