Piece of news of the day
ADVANCED SECURITY EUROPA
EOODUK Water Company Hit with Nearly £1m Fine for Data Breach Compromising Over 633,000 People's Information: Lessons Learned
12 May 2026A UK water company was fined nearly £1m ($1.4m) by the data protection regulator due to a two-year-long incident compromising personal information of over 633,000 people.
The breach, originating from a phishing email in 2020, went undetected until 2022 when the threat actor accessed sensitive data.
The stolen information included personal details, employee HR information, and customer account information.
Security failings included inadequate controls, logging, and monitoring, as well as the use of unsupported software.
The ICO emphasized the importance of proactive security measures for organizations handling large amounts of personal data.
The incident serves as a lesson for organizations to review their resilience posture and implement necessary security measures such as least privilege access controls, effective monitoring, regular patching, and vulnerability management.
