Southern Water [1] [2] [3] [4] [5] [6], a water company serving 2.5 million customers and providing wastewater services to over 4.7 million customers in Kent [2], Sussex [2], Hampshire [2], and the Isle of Wight [2], recently experienced a cyber attack resulting in a data breach. This breach potentially compromised personal and financial information of 5-10% of its customers, including contact details and national security numbers [1].


Southern Water is actively working with technical advisors to identify the customers whose data may be at risk. They have also engaged independent cyber security experts to monitor the dark web for any signs of the stolen data being published [5]. The company has promptly notified the Information Commissioner’s Office and is closely collaborating with the National Cyber Security Centre. As a precautionary measure, affected customers have been offered fraud monitoring services [6]. Southern Water is providing support and guidance to those affected, including advice on potential risks such as phishing attacks and identity theft [3].

Notifications will be sent to an estimated 230,000 to 460,000 individuals, which accounts for 5-10% of Southern Water’s customer base. Additionally, all current employees and some former employees will also be notified [3]. The company is committed to ensuring that its operations and services to customers remain unaffected by the breach. They are actively monitoring for any suspicious activity and will provide updates on the situation through their website and social media channels.


The cyber attack and data breach experienced by Southern Water have significant implications for the affected customers and the company itself. Southern Water is taking immediate action to mitigate the risks and support those impacted. The incident highlights the ongoing challenges faced by the water industry, with utilities already burdened by debt as they upgrade their infrastructure. In 2021, Macquarie [6], the owner of Southern Water [6], injected £550 million in funding to support the company. This incident serves as a reminder of the importance of robust cyber security measures and the need for continuous vigilance in protecting sensitive customer information.