ICO Fines South Staffordshire Water Following Long-Term Breach
The UK's Information Commissioner's Office has fined South Staffordshire Water £963,900 after a 2020 phishing attack allowed hackers to remain undetected in the network for 20 months.
The UK’s Information Commissioner’s Office (ICO) has fined South Staffordshire Water’s parent company £963,900 following a significant cyberattack that exposed the personal data of over 633,000 individuals. The breach, which began in September 2020, was initiated by a phishing email that tricked an employee into opening a malicious attachment [Help Net Security].
The attackers were able to install malicious software within the company's network and remained undetected for 20 months. The ICO's investigation concluded that the company's poor security practices were a contributing factor to the longevity of the intrusion and the subsequent data exposure.
This fine serves as a reminder of the critical importance of robust security measures, including employee training to recognize phishing attempts and effective network monitoring to detect unauthorized activity. Organizations must prioritize the protection of personal data and ensure that their security defenses are capable of identifying and responding to threats in a timely manner [Help Net Security].