Southern Water, responsible for managing the UK’s water and waste facilities, made an official statement on February 12, 2024, revealing the impact of a ransomware attack that occurred in the second week of January. The breach potentially affected approximately 5% to 10% of its customer base due to a data leak.
The group behind the attack, known as the Black Basta ransomware syndicate, has claimed responsibility for the breach. They have informed the company that unless a ransom is paid, they intend to expose the data of 500,000 users on the dark web by February 29th, 2024.
Efforts are underway to address the risks associated with the attack, with technical experts working to mitigate its impact. Sources within the company suggest that the hackers are demanding $10 million in cryptocurrency in exchange for decrypting the stolen data.
It remains uncertain whether the management will engage in negotiations with the hackers or opt to restore the encrypted data from backup systems. Additionally, a team of specialists is actively monitoring the dark web for any signs of data leaks.
The National Cyber Security Centre (NCSC), a division of GCHQ, and the Information Commissioner’s Office (ICO) have launched separate investigations into the incident.
Incidents like this underscore the growing threat posed by hackers targeting critical infrastructure worldwide. Such attacks not only instill fear among citizens but also have the potential to escalate into geopolitical conflicts.
Despite the breach, Southern Water reassures the public that neither its supply nor services have been disrupted, as the hackers failed to breach the core server infrastructure.
Southern Water provides essential services to over 2.5 million customers and waste water services to approximately 4.7 million customers, underscoring the significance of safeguarding against cyber threats in the utilities sector.