Southern Water says it is aware of a claim by cyber criminals that data has been stolen from some of its IT systems.

The water company had previously detected suspicious activity, and had launched an investigation, led by independent cyber security specialists.

Since then, a limited amount of data has been published.

However at this point there is no evidence that customer relationships or financial systems have been affected. Southern Water said its services are not impacted and are operating normally.

The utility has informed the Government, regulators and the Information Commissioner's Office; the company is closely following the advice of the National Cyber Security Centre (NCSC) as the investigation continues.

Southern Water commented:

“If, through the investigation, we establish that customers' or employees' data has been stolen, we will ensure they are notified, in accordance with our obligations.”

The Black Basta ransomware group has claimed it was responsible for the attack – the group is reported to have been paid millions of dollars from dozens of victims since April 2022.

Data the group has allegedly stolen from the water company includes personal data of what could be customers, including dates of birth and nationalities, together with scans of identity documents like driving licences and passports.