UK water company hit by ‘extremely concerning’ cyberattack
- UK government assures drinking water is safe after hack claimed by Russia-linked ransomware gang
- Cybersecurity experts said it wasn’t clear how deeply hackers had penetrated water supplier’s system
A company that supplies water to more than 1.5 million people in the UK disclosed it was hit by a cyberattack in an incident security experts said highlighted potentially dangerous vulnerabilities in the country’s critical infrastructure.
South Staffordshire Plc said this week that it was experiencing disruption to its corporate computer network as a result of the incident but that its ability to supply clean water hadn’t been affected.
A Russia-linked ransomware gang known as Cl0p took credit for the attack, after initially misidentifying its victim as Thames Water, a much larger water company that supplies London and surrounding areas.
In a statement on a site it maintains on the dark web, Cl0p claimed it stole a large trove of data from the company and had gained access to systems that control the level of chemicals in water. “If you are shocked it is good,” the group stated.
South Staffordshire Plc is the parent company of South Staffs Water and Cambridge Water, which together supply more than 1.5 million people with drinking water in areas surrounding Cambridge, the West Midlands, South Staffordshire, South Derbyshire, North Warwickshire and North Worcestershire, according to the company’s website.
The hackers published screen shots appearing to show that they had gained access to a control system for a water treatment works known as Seedy Mill.