Jump to content
Euro 2024 Coverage ×
Just visiting?

South Staffs Water - Cyber attack and data breach

OutByEaster?

By OutByEaster?
in Off Topic

 Share

Recommended Posts

OutByEaster? Grand Master

OutByEaster?

Posted
  • Moderator
Posted

Anyone else caught up in this?

Apparently a hacking group has taken the personal details of customers for South Staffs Water and published them on the dark web. Up to 1.3 million people are affected in the local region and there's a good chance that the bank details we use for our direct debit are out there for people to make mischief with.

https://www.expressandstar.com/news/crime/2022/12/01/south-staffs-water-data-breach-victims-may-be-at-risk-of-identity-fraud-expert-fears/

Quote

 

In a letter written to employees and customers, the company confirmed that personal data, including bank details, have been compromised following the attack.

In the letter, South Staffordshire Water explained that a ransomware group had hacked into their IT network, subsequently compromising employee and customer data. The identified documents are believed to include employee and customer names, current addresses, and bank details of those who pay by direct debit.

South Staffordshire Water claims to be continuing to assess the full extent of the data impacted, which means there may be additional information belonging to customers who may be affected.

 

I'm potentially one of those people and have had a letter from South Staffs Water informing of that - I'd think there are other people here that also are, given that it's a company that covers large parts of the area around Lichfield, Tamworth, Walsall Rugeley, Cannock and Sutton Coldfield.

I've never been in one of these before and it's obviously a concern - what should I be doing to protect myself? Are any other VT'ers in a similar boat? Should I be looking at changing my account with my bank? 

  • Like 1
Link to comment
Share on other sites
Genie Grand Master

Genie

Posted
Posted

I’m a South Staffs customer but haven’t had a letter (I haven’t had anything from RM for a while).

I guess things to do include 1) changing your SSW online password. 2) contact the bank and tell them about the letter. 3) Make sure you don’t use the same username (email address) / password as SSW on any other websites as people may start testing it out.

  • Like 1
Link to comment
Share on other sites
OutByEaster? Grand Master

OutByEaster?

Posted
  • Author
  • Moderator
Posted
Just now, Genie said:

I’m a South Staffs customer but haven’t had a letter (I haven’t had anything from RM for a while).

I guess things to do include 1) changing your SSW online password. 2) contact the bank and tell them about the letter. 3) Make sure you don’t use the same username (email address) / password as SSW on any other websites as people may start testing it out.

It's not the passwords they've got - it's the bank details of anyone that pays by direct debit. I don't think I even have a login or online account for SSW.

The danger isn't that they log in to places as you - it's that they set up a million direct debits to themselves and empty our accounts.

 

  • Like 1
Link to comment
Share on other sites
Genie Grand Master

Genie

Posted
Posted
9 minutes ago, OutByEaster? said:

It's not the passwords they've got - it's the bank details of anyone that pays by direct debit. I don't think I even have a login or online account for SSW.

The danger isn't that they log in to places as you - it's that they set up a million direct debits to themselves and empty our accounts.

 

Yeah, password switches just as a precaution.

As soon as a new DD or payment is made on my account I get a text so I should hopefully spot any shenanigans right away.

Link to comment
Share on other sites
OutByEaster? Grand Master

OutByEaster?

Posted
  • Author
  • Moderator
Posted

I'm pretty sure Nationwide ask for a text code authorisation for new DD's so I'm hopeful I'm okay there.

I checked, I've never had an online account with SSW - which I guess is why they wrote a letter - they're not had any breach of password or account information - just all the bank details of anyone that ays by direct debit. If you pay by DD, it's probably worth checking with them.

 

  • Like 1
Link to comment
Share on other sites
Genie Grand Master

Genie

Posted
Posted
1 minute ago, OutByEaster? said:

I'm pretty sure Nationwide ask for a text code authorisation for new DD's so I'm hopeful I'm okay there.

I checked, I've never had an online account with SSW - which I guess is why they wrote a letter - they're not had any breach of password or account information - just all the bank details of anyone that ays by direct debit. If you pay by DD, it's probably worth checking with them.

 

Cool, my bills go out of a Nationwide account too so hopefully the existing security measures protect me / them.

  • Like 1
Link to comment
Share on other sites
Xela Grand Master

Xela

Posted
Posted

I don't think there is a great deal they can do with just the bank account details / sort code. 

Just need to keep an eye on your active mandates. Anything untoward happens, you'll be covered under the Direct Debit Guarantee. 

  • Like 2
Link to comment
Share on other sites
sidcow Grand Master

sidcow

Posted
  • VT Supporter
Posted
1 hour ago, OutByEaster? said:

Anyone else caught up in this?

Apparently a hacking group has taken the personal details of customers for South Staffs Water and published them on the dark web. Up to 1.3 million people are affected in the local region and there's a good chance that the bank details we use for our direct debit are out there for people to make mischief with.

https://www.expressandstar.com/news/crime/2022/12/01/south-staffs-water-data-breach-victims-may-be-at-risk-of-identity-fraud-expert-fears/

I'm potentially one of those people and have had a letter from South Staffs Water informing of that - I'd think there are other people here that also are, given that it's a company that covers large parts of the area around Lichfield, Tamworth, Walsall Rugeley, Cannock and Sutton Coldfield.

I've never been in one of these before and it's obviously a concern - what should I be doing to protect myself? Are any other VT'ers in a similar boat? Should I be looking at changing my account with my bank? 

My company had a cyber attack and we were warned our bank details might have been stolen. 

Merely having your bank account name and number isn't really a catastrophic thing though. 

You should keep an eye open but they shouldn't be able to steal from you with just your bank details. 

Link to comment
Share on other sites
Davkaus Grand Master

Davkaus

Posted
Posted
1 hour ago, Xela said:

I don't think there is a great deal they can do with just the bank account details / sort code. 

Just need to keep an eye on your active mandates. Anything untoward happens, you'll be covered under the Direct Debit Guarantee. 

Yup, inconvenient if it happens, but you shouldn't be out of pocket

Link to comment
Share on other sites
sidcow Grand Master

sidcow

Posted
  • VT Supporter
Posted
1 minute ago, OutByEaster? said:

Apparently they got all the information that you used to set up a direct debit - so name, address and bank details.

 

Yes, but how can they pretend to be you in order to set it up? 

Link to comment
Share on other sites
sidcow Grand Master

sidcow

Posted
  • VT Supporter
Posted
10 minutes ago, Genie said:

It’s easy to fill in a DD mandate online or on paper. It’s just name, address and band details.

DDI.png

 

Don't you still need to authorise it though? 

Link to comment
Share on other sites
meregreen Mentor

meregreen

Posted
Posted

Santander have told me to regularly check my Direct Debits, but that I am covered for fraud. They also said that sometimes these crooks will wait a couple of years before using this stolen data. Hoping peoples guard will be down I suppose. 

  • Like 1
Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...
Â