Skip to content

Cambridge Water: Chief apologises for customer bank details leak

South Staffs Water Andy Willicott, Managing directorSouth Staffs Water
Andy Willicott said he understood "that customers trust us to keep their data safe" as he apologised

The boss of a water company said he would "personally like to say sorry" to customers after their data was hacked.

Cambridge Water customers received letters this week after its parent firm, South Staffordshire PLC, was targeted by cyber-criminals in August.

Managing director Andy Willicott said: "We understand that customers trust us to keep their data safe."

Names, addresses and account details of direct debit customers were published on the dark web, the company said.

Customer Richard Vaughan, from Foxton, Cambridgeshire, said the theft left him "feeling vulnerable", while Sharon Bates, from St Ives, said her parents, aged 89 and 96, received the letter, which had caused "sleepless nights".

Getty Images Man typing at his laptop (stock photo)Getty Images
Companies now have a legal requirement to tell customers if their data has been stolen, a security researcher said

South Staffordshire PLC, the parent company of South Staffs Water and Cambridge Water, said it had started informing customers involved after it was targeted on 16 August.

The company serves more than 1.7 million people, but it has not revealed how many of those have been affected.

It said "leading forensic experts" had discovered the data on the dark web, a part of the internet not accessible by conventional search engines.

Mr Willicott said: "We understand that customers trust us to keep their data safe and I'd personally like to say sorry to all those customers impacted - we'll be doing what we can to support you through this.

"We will continue to invest in protecting our customers, our systems, and our data."

A dripping tap - generic image
The details of direct debit customers of Cambridge Water have found their way onto the dark web

In a statement, Cambridge Water said: "The incident resulted in unauthorised access to some of the personal data we hold for a subset of our customers.

"If customers do not receive a notification letter from us, then they do not need to take any action at this stage."

A "dedicated helpline" has been set up for affected customers.

The National Crime Agency, the Information Commissioner's Office and water inspectorates had been notified, the company added.

presentational grey line

Find BBC News: East of England on Facebook, Instagram and Twitter. If you have a story suggestion email [email protected]