Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

South Staffordshire Water Plc customer data exposed after South Staffordshire Water Plc breach

Data Leak
First reported
Last updated
Happening score
H score 25
1 unique sources, 1 articles

Summary

Hide ▲

South Staffordshire Water Plc's data leak exposed the personal information of 663,887 customers and employees, increasing the risk of fraud and account abuse. The exposure followed a phishing-enabled intrusion that installed malware and remained hidden for nearly 20 months. The leaked material was later verified as authentic and had been published on the dark web.

Related Happenings

ICO fine against South Staffordshire Water for data breach

Regulatory/Legal Action
First: 12.05.2026 11:30 Last: 12.05.2026 11:30 Sources 1

How related: The Information Commissioner's Office has fined South Staffordshire Water Plc and parent company South Staffordshire Plc £963,900 ($1.3 million) over a cyberattack that exposed the personal data of 663,887 customers and employees.

About this happening: The **ICO** finalized a **nearly £1m** penalty against **South Staffordshire Water** and **South Staffordshire PLC**, resolving a cyber enforcement action tied to a breach that ex...

Open Happening

South Staffordshire Water hit by network compromise

Incident
First: 12.05.2026 11:30 Last: 12.05.2026 11:30 Sources 1

About this happening: **South Staffordshire Water** suffered a **phishing-led network intrusion** that ultimately exposed personal information tied to **over 633,000 people**. The compromise mattered b...

Open Happening

Barts Health NHS Trust invoice leak on Cl0p leak portal

Data Leak
First: 05.12.2025 20:55 Last: 05.12.2025 20:55 Sources 1

About this happening: The **Barts Health NHS Trust** data leak became public when **Cl0p** posted stolen **invoice files** on its **dark-web leak portal**, exposing **full names and addresses** linked...

Latest development: 08.12.2025 11:30

Barts Health NHS Trust is seeking a High Court order to stop the sharing, publication or use of invoice files stolen from its Oracle E-business Suite (EBS) database; the trust says Cl0p posted the files on the dark web, and it is working with NHS England, the National Cyber Security Centre, the Metropolitan Police and regulators including the Information Commissioner’s Office while its clinical systems remain unaffected.

Open Happening

Timeline

  1. 12.05.2026 23:17 2 articles · 14d ago

    ICO fines South Staffordshire entities over data exposure

    Legal Policy Action Update

    The Information Commissioner's Office fined South Staffordshire Plc and South Staffordshire Water Plc £963,900 ($1.3 million) after confirming that a phishing-led intrusion installed malware, remained undetected for 20 months, and led to personal data for 663,887 customers and employees being extracted and published on the dark web. The regulator said the compromise began in September 2020, the attacker gained domain administrator access between May and July 2022, and the breach was discovered in July 2022 after IT performance problems triggered an investigation.

    Show sources
    Open in new tab