An MP has said their bank details were available on the dark web after a cyberattack on a water company.
Conservative MP Marco Longhi told the Commons that he, along with “at least 249,000” others, had seen their bank details posted on the dark web after a cyberattack on the parent company of South Staffs Water.
Speaking during an adjournment debate on the issue, he said: “In July of this year, South Staffs PLC, the parent company of both South Staffs Water and Cambridge Water, experienced a criminal cyberattack.
“The incident involved the theft of data from their IT systems. Following the incident, they found evidence that some of their staff and customer data had in fact been accessed.
“With investigations still ongoing, it has now been confirmed that at least 249,000 customers who pay by direct debit, pretty much all of my Dudley North constituents and myself included, have now seen their personal contacts and banking details available on the dark web.
“The incident took place in July this year, and customers have only in recent weeks been made aware of the real scale of the damage.”
He said having met with representatives of the company “they have acknowledged shortcomings in their initial communications … with their customers, and I am at this point certainly assured they are now taking serious steps to mitigate the anxiety caused, ensuring their customers are supported”.
He added: “I am pleased that having now met with South Staffs Water they have committed to upping their game and are taking better action to support our constituents.”
Culture minister Paul Scully told MPs the Government continued to “take significant action to ensure the security and resilience of our country’s essential services in the wider digital economy”.
South Staffs Water said in a statement on November 29: “In August, we announced that South Staffordshire PLC, the parent company of South Staffs Water, had been the target of a criminal cyberattack.
“Since the incident, we’ve been working with leading forensic experts to investigate fully what happened. Our investigation has now found that the incident resulted in unauthorised access to some of the personal data we hold for a subset of our customers.”
It said it was writing to customers affected, adding: “We have put a full package of support in place for customers who are impacted to ensure they understand fully what has happened and receive the help they need.
“This includes a special helpline for those customers … Our investigation into the incident continues and if we establish that other customers need to take action we will, of course, let them know as soon as possible.
“We are also working closely with the police and with the relevant government and regulatory authorities and are keeping them updated.”