More than 150 people in Lichfield have joined a claim against a water company after their personal information was published online by hackers.
Law firm Leigh Day said it is currently handling claims from 152 local residents among 5,000 across the country following the data breach, which was first confirmed in August 2022.
Details of customers, including bank account information, were published on the dark net following a cyber attack.
East European ransomware group C10p have claimed responsibility for the cyber-attack which also include screenshots of identification documents such as passports and driving licences being shared online.
Sean Humber, partner at the law firm, said:
“This is a large and serious data breach. As the water companies themselves accept, the disclosure of sensitive financial information leaves affected customers vulnerable to fraud by criminals.
“We are continuing to investigate claims by those affected by the data breach against the water companies for compensation for any distress or financial losses caused by the failure to take adequate measures to keep customers’ personal data safe.”
Sean Humber, Leigh Day
South Staffs Water wrote to customers in the wake of the cyber attack confirming “criminals may try to use this compromised data to carry out fraud, in particular by submitting fraudulent Direct Debit mandates to your bank or building society”.
The company’s managing director, Andy Willicott, said at the time:
“We understand that customers trust us to keep their data safe and I’d personally like to say sorry to all those customers impacted – we’ll be doing what we can to support you through this.
“We will continue to invest in protecting our customers, our systems, and our data.
“We continue to supply safe water to all of our South Staffs Water customers. Our customer service, operations and maintenance teams also continue to operate as usual.”
Andy Willicott, South Staffs Water