Up to 10% of Southern Water customer data stolen by bitcoin ransom group
Southern Water, one of the largest water firms in the UK, says that up to 10% of its customers’ data may have been stolen in a large-scale hack last month by a group reportedly responsible for $100 million in bitcoin ransoms.
The firm, which is responsible for supplying water to at least seven million customers, was reportedly hacked by ransomware collective Black Basta around January 22.
The hackers claimed to have stolen 750 gigabytes of sensitive data, including passports, driving licenses, employee information, and corporate documents.
The water provider confirmed at the time of the hack that a sample of stolen data had been published, but added that “there is no evidence that our customer relationships or financial systems have been affected.” It also flagged the issue to the UK government and regulators.
However, in today’s update, the firm confirmed that between five and 10% of its more than seven million customers, along with a number of its current and former employees, have had their data stolen.
Bitcoin ransomware gang claims to have hacked major UK water provider
Read more: Cop allegedly stole 81 bitcoin from drug dealer’s Trezor wallet
Southern Water said it was “very sorry that this has happened,” and noted that it had hired “leading independent cybersecurity experts.” It also said it believes that no more data has been leaked online since the hack. The firm also offered affected customers 12 months of free “Experian credit monitoring.”
Black Basta reportedly threatened Southern Water and said it had six days to pay a ransom or it would publish the stolen data on February 29.
While the company has not confirmed or denied whether any ransom has been paid, it has been removed from Black Basta’s leak blog — usually a sign that a ransom has been paid.