Security News

Cybersecurity news aggregator

HIGH Attacks SC Media

South Staffordshire Water fined nearly $1.3 million over data breach

A phishing attack led to undetected malware installation and privilege escalation over nearly two years at South Staffordshire Water, exposing extensive personal and financial data of over 663,000 individuals. The Information Commissioner's Office cited multiple security failures, including insufficient privilege controls, limited monitoring, and the use of obsolete software like Windows Server 2003, as violations of UK data protection regulations. The resulting fine was reduced by 40% due to the company's cooperation and admission of liability.

Government Regulations
May 13, 2026
By SC Staff

South Staffordshire Water Plc and its parent company have been fined £963,900 (approximately $1.3 million) for a significant cyberattack that exposed the personal data of over 663,000 customers and employees. The breach, which began in September 2020, was only discovered in July 2022 after IT performance issues prompted an investigation, according to a recent report by Bleeping Computer.

The cyberattack on South Staffordshire Water Plc was initiated through a phishing attempt that allowed attackers to install undetected malware for nearly two years. Between May and July 2022, the attackers escalated privileges, gaining domain administrator access. This led to the exposure of sensitive information including full names, addresses, email addresses, phone numbers, dates of birth, bank account details, and employee National Insurance numbers.

The Information Commissioner's Office (ICO) cited multiple security failures, such as insufficient controls for privilege escalation, limited monitoring, use of obsolete software like Windows Server 2003, poor vulnerability management, and a lack of security scans. These failures violated UK data protection regulations.

The initial fine was reduced by 40% due to the company admitting liability, cooperating with the investigation, and agreeing to a settlement.

Source: Bleeping Computer