
Southern Water’s Data Breach: Truth Revealed After Black Basta’s Claims


Southern Water has confirmed that it suffered a data breach after the Black Basta ransomware group leaked customer data held by the firm. The company stated that a limited amount of data has been published, which includes scans of identity documents, HR-related documents, and corporate car-leasing documents. The breach is currently being investigated by independent cybersecurity specialists, and Southern Water has informed the UK government and relevant regulators about the incident.

Black Basta has threatened to release more data unless its ransom demand is paid by February 29. The ransomware group has been one of the most prolific actors in recent years, making over $100m from ransomware attacks. The attacks on Southern Water and other water companies highlight the urgent need for the industry to modernize its cybersecurity practices.

TL;DR

  • Southern Water confirms data breach after Black Basta ransomware group leaks customer data.
  • Leaked data includes identity documents, HR-related documents, and corporate car-leasing documents.
  • Black Basta threatens to release more data unless ransom demand is paid.
  • Water companies facing growing cyber-threats and urged to modernize cybersecurity practices.

Southern Water has confirmed that it suffered a data breach after the Black Basta ransomware group leaked customer data held by the firm. The utilities company, which serves around 4.6 million customers across Southern England, admitted in a post on January 23, 2024, that “a limited amount of data has been published.” Black Basta had earlier claimed to have successfully attacked Southern Water, and published a small sample of the data it allegedly stole on its Tor leak site. This information included scans of identity documents such as passports and driving licenses, documents that appear to be HR-related, and corporate car-leasing documents. Black Basta has threatened to release the rest of the data it claims to hold by February 29 unless its ransom demand is paid.

Southern Water stated in its post that it has informed the UK government and relevant regulators, such as the Information Commissioner’s Office (ICO), about the incident. It is continuing its investigation, in line with guidance from the National Cyber Security Centre (NCSC). The company emphasized that its usual services have not been impacted by the incident.

Commenting on the incident, Jamie Akhtar, Co-Founder and CEO at CyberSmart, said there are indications that the breach could have been the result of a supply chain attack. He noted that some of the leaked documents are branded with the logo of Greensands, the parent company of Southern Water.

The Russian-speaking Black Basta group has been one of the most prolific ransomware actors in recent years. An analysis published in November 2023 by Corvus Insurance found that the gang has made over $100m from ransomware attacks since April 2022. Some good news emerged in January 2024, when German-based security researchers published a new suite of tools able to decrypt some Black Basta ransomware variants, allowing many victims to recover their files.

The attacks on Southern Water and other water companies highlight the urgent need for the industry to modernize its cybersecurity practices. On January 19, 2024, the North America subsidiary of Veolia Water reported it had experienced a ransomware incident, which “affected some software applications and systems.” The attacks on Southern Water and Veolia follow a number of recent warnings about rising cyber-threats to the water sector.

In December 2023, the UK’s National Cyber Security Centre (NCSC) urged the nation’s water sector to apply best practice security measures amid increasing targeting of critical infrastructure. In the same month, the US Cybersecurity and Infrastructure Security Agency (CISA) said Iran’s Islamic Revolutionary Guard Corps (IRGC) was behind a series of strikes against water plants in the country. The US government published a new incident response guide for the water and wastewater systems sector on January 18, 2024.
