Skip to Primary Navigation

ICO fines water company $1.3m for data breach after cyber attack

Tap water running into a glass
The company received a 40% reduction to the fine after voluntary settlement. Photo: Justin Sullivan/Getty Images

Serious cyber attack resulted in the personal information of 633,887 people being extracted and published on the dark web, according to the regulator.

The UK’s information regulator has fined a water company £963,900 ($1.3m) after a serious cyber attack led to the personal data of over 633,000 customers and employees being compromised. The breach took place between 2020-2022.

The unauthorized access to data at South Staffordshire Plc and South Staffordshire Water Plc (together South Staffordshire)

Get full access, free for a month

This is a Premium article. Start your 28-day free trial to continue reading and access all content on GRIP – no payment details required.

What’s included:

  • Every new article, plus our 5,000+ archive
  • Daily regulatory insight and guidance
  • Exclusive interviews and in-depth analysis
  • Coverage of industry-leading events and conferences
  • All podcasts and videos, featuring industry experts
  • The full set of Rules Navigator tools
  • An ad-free experience