Financial data belonging to customers of the British water supply company Cambridge Water have been exposed following a cyberattack. The UK data breach has resulted in customers’ banking details being published on the dark web.

Data breaches involving financial details can put consumers at considerable risk. Following any incident involving banking information, data subjects are always advised to update their credentials immediately and use a credit monitoring service to ensure they do not become the victim of fraud. Additionally, they should be mindful of any communications regarding their financial details, as banks and credit card companies will not request confidential financial information over email.

Cambridge Water customers alarmed

Customers of the water supply company have been left angry and alarmed after discovering that their, names, home addresses, bank account numbers and sort codes are among the financial data stolen by threat operators. The Cambridge Water customer data was stolen when South Staffordshire plc., its parent company, was hit by a cyberattack back in August this year.

Cambridge Water has reached out to affected customers and offered support services by way of assistance. In a letter written to its customers, the water supplier warned that criminals might try and use their compromised data to conduct fraud. It stated specifically that attackers might submit fraudulent direct debit orders to customers’ banks or building societies using the exposed data.

In a recent statement, Cambridge Water’s managing director, Andy Willicott, gave a personal apology to all the company’s customers impacted, noting that he understood that they trust the company with their sensitive information. He added that Cambridge Water has been working alongside specialists to work out specifically what has been published, but this process will take time as it is not a straightforward one.

Actions following a data breach

The water supplies provided by Cambridge Water were not affected by the attack on its parent company. The supplier has informed customers that South Staffordshire took steps immediately to manage and then respond to the attack after it had been detected. However, this action was still too late to stop the data breach disclosing their personal and financial information.

Customers were told that the parent company has enlisted the services of leading experts in IT forensics to investigate the incident and had also notified Ofwat, the NCSC, the ICO, the National Crime Agency, and the Consumer Council for Water along with the Drinking Water Inspectorate.

Many customers took to social media voicing their dissatisfaction with the apologies offered by the water company. Additionally, there has also been serious concern from the company’s customers regarding the length of time that was taken to notify them about what data was stolen and when it was published, given that the incident occurred several months ago over the summer.

The Cambridge Water Company has now set up a helpline for its customers, open from 8:00 am to 6:00 pm on weekdays, and has provided them with free access to credit monitoring for one year.