
"The attack, claimed by Cl0p, was detected in July 2022 after engineers responded to performance issues, but a thorough postmortem revealed the initial intrusion occurred almost two years earlier, in September 2020. Among the key failures that led to the attack, and the nearly two-year delay in detecting it, were: Limited controls, which allowed the attacker to escalate their privileges to admin after gaining an initial foothold on the network; Inadequate monitoring and logging. The ICO noted that only 5 percent of South Staffordshire's IT environment was being monitored."
"The ICO said 633,887 people were affected by the attack and the resulting leak of company files. For customers, this included personally identifiable information, usernames and passwords used to access its online services, and bank account numbers and sort codes. For a limited number of customers on the utility company's Priority Services Register, the stolen information could have led to their disabilities being inferred. Cl0p also pilfered HR information, including employees' National Insurance numbers."
"The trove of company data was later leaked online in a file exceeding 4 TB. At the time of the attack, South Staffordshire handled the data of some 1.85 million individuals. Most of the affected people were customers, but the incident also involved employee records. The ICO said the case showed significant failures in the company's approach to data security."
"Issuing the fine of £963,900 ($1.3 million), the Information Commissioner's Office (ICO) said the attack exposed 'significant failures in the company's approach to data security.' Among the key failures that led to the attack were running unsupported software, including Windows Server 2003, and poor vulnerability management. Investigations showed critical systems were unpatched against known vulnerabilities, and the company failed to regularly run internal or external security scans."
A UK utility provider’s parent company was fined £963,900 for security failures tied to a Cl0p ransomware attack in 2022. The intrusion was detected in July 2022 after performance issues, but analysis showed the attacker gained access in September 2020, nearly two years earlier. The ICO cited limited controls that enabled privilege escalation, inadequate monitoring and logging with only 5% of the IT environment monitored, use of unsupported software including Windows Server 2003, and poor vulnerability management with critical systems unpatched and security scans not run regularly. The attack affected 633,887 people, exposing personal data, usernames and passwords, and bank details, along with HR information including National Insurance numbers. Data was later leaked online in a file over 4 TB.
Read at theregister