Cyber investigation update - October 2024
An investigation update relating to the illegal cyber attack at the start of this year.
Earlier this year we announced that we were the target of an illegal cyber attack.
We acted quickly, with support from independent cyber specialists, and took steps to ensure the security of our IT systems. Our operations and services to customers have not been impacted.
Working with our independent technical advisers, we have now concluded our in-depth investigation of the potentially compromised data and we are taking any remaining steps to notify affected customers, employees and former employees.
The number of customers notified of an impact on their data will remain within the order of 5 to 10 percent of our customer base, as we had announced previously.
We continue to monitor the internet and are confident that, since we were named on the cyber criminals’ site on 22 January 2024, no data linked to the attack has been made available online.
We are very sorry that this has happened. Please be assured that if we have reason to believe your data may be impacted, we will notify you, in line with our regulatory obligations.
Read more about the cyber investigation in the initial article.
Frequently asked questions
Earlier this year we experienced a cyber-attack which resulted in unauthorised access to our IT systems. As soon as this was discovered, we took steps to isolate the threat and enhance our security - to protect our data and systems.
Following an in-depth investigation, which is now complete, we identified that some data was potentially accessed. However, since we were first named by the cyber criminals on 22 January 2024, we’ve found no evidence that this has been made available online.
After finding out about the cyber-attack, we appointed a reputable and specialist e-discovery partner to undertake a full and independent interrogation of the potentially compromised data. Our partner used analytics to identify relevant groups of document types from the dataset. These were then manually reviewed by a specialist team to identify whether they contained personal data and, if so, the types of personal data and relevant individuals. These results were then reviewed by us.
While this activity was time-consuming, it was important for us to follow this independent process, to identify more precisely what personal data had potentially been compromised, in a quality-assured way. This helped us ensure that we’ve done all we can to provide our customers with as much information and reassurance as possible.
Yes. Following our investigation we’re confident in the steps we’ve taken to ensure our systems are now secure. Our operations have not been impacted. We’re using enhanced monitoring and protection programmes to continually check for any suspicious activity on our systems.
Our cyber-security experts are continuing their analysis and are further strengthening our security.
The National Cyber Security Centre, the Financial Conduct Authority (FCA) and the Information Commissioner’s Office all provide helpful information to help protect your data and prevent fraud. This has been summarised below:
Stay alert against any suspicious calls, texts or emails which could be a scam. If you receive any suspicious messages or calls, do not hand over any information such as your bank account details. Instead, hang up, or delete any worrying texts or emails and then contact your bank to report the suspicious activity. The FCA has some useful information on how to spot the warning signs of financial scams.
Cybercriminals commonly use a scam technique called “phishing”. This is mostly email-based but can also be over the phone. Victims are lured under false pretences to websites which appear legitimate to get them to provide information including bank account and credit card details. These emails/phone calls appear to be from recognisable sources such as banks but actually link to fraudulent websites. To help prevent phishing:
- Protect your email with a strong password.
- Don’t share your password with anyone.
- Install the latest security updates to your browser software and personal computing devices.
- If in doubt, don’t open emails from senders you don’t recognise.
- Check links look correct before you click on them.
- Be suspicious of anyone who asks for your bank account or credit card details.
- If the email contains spelling mistakes, this can be a sign that it’s a phishing scam. Don’t open the email or attachments.
More helpful information on how to protect your data can be found on the National Cyber Security Centre’s website and the Information Commissioner’s Office website.
If you want to accept our offer of ID monitoring from Experian, you should find the details in the letter you received and visit identity.experian.co.uk/get-started/protection
You’ll need to enter your ‘activation code’ when you sign up – you’ll find this in your letter.
If you’re having problems using the website or signing up for the service, please contact Experian on 03444 818182. They’re open from 8am to 6pm, Monday to Friday.
If you have more than two people named on your Southern Water account, you can request additional codes by calling our dedicated team on 0330 303 0277. Our lines are open from 8am to 6pm, Monday to Friday.
- Unlimited access to your Experian Fraud Report
- Credit alerts – you’ll receive an email or SMS when certain changes happen on your Experian Credit Report, such as the addition of a new credit search.
- Access to Experian’s CreditLock feature, which allows you to lock your Experian Credit Report when you’re not applying for credit and block any bogus claims.
- Web monitoring – an alert by email or SMS which confirms that personal information has been found on the dark web.
- Access to Experian’s Victims of Fraud service if you do become a victim of fraud, which will support you in resolving any fraud that’s occurred.
- If you’re at higher risk of fraud, Experian can add protective Cifas (a fraud prevention service) registration to your Credit Report which can help prevent credit being taken in your name.
Wherever possible, we advise that individuals create and monitor their own Experian services account. The reason for this is that if someone else creates and monitors an individual’s account, or if an individual uses someone else’s email address to set up their account, other people will have access to the individual’s personal data and may receive alerts if their personal data is found online. We understand that there are certain situations where someone else will need to create and monitor an Experian services account on behalf of someone else, so we’ve made it possible to do so. If you have created and are monitoring an Experian services account on behalf of someone else and you want to contact Experian, they will ask you to evidence that:
- the individual to whom the account relates has provided their consent for you to contact Experian on their behalf (e.g. by asking to speak to the individual to whom the account relates); or
- you have Power of Attorney, Deputyship or similar legal authority where the individual to whom the account relates is unable to provide their consent for you to contact Experian on their behalf.