The cybercriminal gang believed to be responsible for the recent breach of South Staffordshire’s defenses has published sensitive employee data that it obtained from the attack, according to trusted commentators on Twitter.
The water company issued a statement on August 15 in which it admitted it had been “the target of a criminal cyberattack” but denied this had affected its ability to supply water safely to its more than one million customers in the UK.
That prompted Kevin Beaumont, aka @GossiTheDog – a respected Twitter infosecurity expert who enjoys more than 140,000 followers despite profiling himself as a “cybersecurity pleb” whose “tweets are severely limited by my lack of understanding of what I am doing” – to start keeping tabs on the beleaguered water company.
According to Beaumont, a threat group called Clop is behind the cyberattack – and in a follow-up statement he claims that it has now spilled the beans on an undisclosed number of victims among the target company’s employees.
“Clop have now posted the data dump of South Staffordshire Water,” said Beaumont. “It includes a significant amount of PII [personally identifying information] of staff, for instance passports, and lots of corporate data.”
The data disclosure also appears to include passwords, which Beaumont says have been made viewable in an Excel spreadsheet. He also believes Clop managed to access the part of the water network operated by South Staffordshire.
Beaumont’s latest tweet on the subject declares that the alleged threat group began exfiltrating data as far back as July 18, in what he described as “classic Clop playbook.”
Another Twitter pundit, Falcon Feedsio, which says it publishes data taken from the dark web regarding ransomware attacks, recently appeared to confirm Beaumont’s claims.
“Clop ransomware group has added South Staffordshire Water, utility company in UK, to their victim list,” it tweeted. “They have published Part One of the leaked data, which includes passport, driving license, IP, mail ID, [and] passwords.”
At the time of writing, Cybernews was unable to verify the authenticity of the claims, although Falcon and Beaumont are both regarded as trusted cybersecurity sources.