Pierluigi Paganini August 16, 2022

A cyber attack disrupted the IT operations of South Staffordshire Water, a company supplying drinking water to 1.6M consumers daily.

South Staffordshire Water has issued a statement confirming the security breach, the company pointed out that the attack did not impact the safety and water distribution systems.

South Staffordshire Water plc known as South Staffs Water is a UK water supply company owned by a privately owned utilities company serving parts of Staffordshire the West Midlands as well as small areas of surrounding counties in England. South Staffordshire Water plc is part of South Staffordshire plc.

Thanks to security systems in place, the company was able to supply safe water to its customers or those of its subsidiaries, Cambridge Water and South Staffs Water.

“This incident has not affected our ability to supply safe water and we can confirm we are still supplying safe water to all of our Cambridge Water and South Staffs Water customers.” reads a statement published by the company. “This is thanks to the robust systems and controls over water supply and quality we have in place at all times, as well as the quick work of our teams to respond to this incident and implement the additional measures we have put in place on a precautionary basis.”

South Staffordshire Water reassures customers that the cyber attack will not cause an extended outage.

The company is investigating the incident and is working closely with the relevant government and regulatory authorities.

The Clop ransomware gang claimed responsibility for the attack and added the name of the utility to its Tor leak site.

The ransomware gang claims to be able to impact the operations and the safety of the water supply.

The gang also claims to have stolen 5TB of data from the company.

The ransomware group has already published a sample of stolen data that includes passports, ID Cards, and images of SCADA systems.

Thames Water has denied that the Clop has breached its network and excluded any risk for its customers due to the attack.

“We are aware of reports in the media that Thames Water is facing a cyber attack. We want to reassure you that this is not the case and we are sorry if the reports have caused distress.” reads the statement from Thames Water. “As providers of an essential service, we take the security of our networks and systems very seriously and are focused on protecting them, so that we can continue to provide you with the services and support you need from us.”

BleepingComputer noticed that sample data published by Clop operators include usernames and passwords, which refer South Staff Water and South Staffordshire email addresses.

One of the leaked documents sent to the targeted firm is explicitly addressed to South Staffordshire PLC.

This circumstance suggests that Clop misidentified the victim.

Cybercriminals don’t pick their targets randomly, as hitting water suppliers during harsh drought periods could apply insurmountable pressure to pay the demanded ransom.

For this to happen, though, Clop has to redirect its threats to the correct entity, but considering the publicity the matter has taken, it’s probably too late for that.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, South Staffordshire Water)

[adrotate banner=”5″]

[adrotate banner=”13″]