Contact us

South Staffordshire Plc and South Staffordshire Water Plc fined £1m after cyber attack

The ICO has fined South Staffordshire Plc and South Staffordshire Water Plc close to £1m after a major cyber attack.

This fine followed a phishing email which installed malware that remained undetected for almost 2 years. This eventually resulted in over 4.1 terabytes of data (including contact details, HR information, financial information and some special category data) being published on the dark web, affecting almost 634,000 people.

The ICO noted the following failings:

  • Limited controls to prevent the attacker escalating to administrative privileges
  • Inadequate monitoring and logging
  • Use of obsolete, unsupported software
  • Inadequate vulnerability management

The ICO stated that “proactive security is a legal requirement, not an optional extra.”

For full details and to see the ICO’s security guidance, click here.

Share:

Facebook
X
Pinterest
LinkedIn

Related Posts

View all
News

Digital Omnibus on AI is agreed

The European Parliament and the Council of the European Union have now reached agreement on the Digital Omnibus on AI....

Read more
News

South Staffordshire Plc and South Staffordshire Water Plc fined £1m after cyber attack

The ICO has fined South Staffordshire Plc and South Staffordshire Water Plc close to £1m after a major cyber attack....

Read more
News

EU Commission issues draft guidance on high risk AI systems

The EU Commission has released much awaited draft guidance on high risk AI systems under the EU AI Act. The...

Read more
News

Data mapping and AI compliance: What it can do for you

In our latest article for Privacy Laws and Business, Jenai Nissim and Claire Saunders discuss why data mapping is an...

Read more
News

National Cyber Security Centre releases guidance on agentic AI

Have you been considering deploying AI agents and want some guidance on security issues you need to consider? Then head...

Read more
News

ICO publishes final guidance on storage and access technologies

On 29 April 2026 the ICO published its final guidance on storage and access technologies. Two new subchapters have been...

Read more

Our experience...

Speaks for itself through collaboration with leading global brands such as…

  • Tech giants
  • Health tech start-ups
  • Forward-thinking financial institutions
  • Global dating app
  • One of the largest entertainment record labels globally
  • Shopping meccas
  • National broadcasters
  • Professional services firms and regulators
Contact us
0 +

Sector specialisms and in-depth experience

0 %

Client retention rate and long lasting relationships

0 s

Learners who complete our data protection training each year

Skyscanner logo

Don't just take our word for it

“If you’re looking for trustworthy, pragmatic and diligent legal advisors, say Hello(to)DPO! The team has been a great support to Skyscanner on a broad range of privacy and data protection matters, whether advising at a compliance level or on more acute legal issues. You’ll enjoy considerate, timely and helpful advice, provided by professionals with whom it’s a delight to work.”

Gemma Witham
Director of Legal (Privacy), Group Privacy Officer, Sykscanner Limited

HR Dept logo

Don't just take our word for it

“We have been working with HelloDPO for several years now and I have always found them to be friendly, approachable and above all professional in their approach. I would have no hesitation in recommending them.”

Serena May
Director, Southern HR Ltd

AETNA logo

Don't just take our word for it

“We have worked with Jenai, Alison and the HelloDPO team for over 5 years as our DPO and have found their advice and support invaluable. They are pragmatic and flexible in the advice they provide, and assist in making data protection compliance apply in a corporate environment. Working with them is like having additional members of our team, and the relationship has flourished over time.”

Craig Saunders
Head of International Privacy, Aetna Global Benefits (UK) Ltd

 

Frasers Hospitality logo

Don't just take our word for it

“The team (Jenai and Lisa) provided DPO services and compliance support to our business for over a year, during which they consistently delivered high quality advice and excellent client service. The demands of the hospitality industry are high and HelloDPO adapted to this quickly and seamlessly – they are responsive, knowledgeable, and pragmatic. They are also a pleasure to work with.”

Frasers Hospitality (UK) Ltd

Chartered Accountants Worldwide logo

Don't just take our word for it

“We have been working with HelloDPO for nearly a year. The team have been great to work with, highly professional and flexible. Most importantly, they have given clear advice and guidance in what is a very complex area. Well done and we look forward to continuing working with you!”

Ruth Hidalgo
Director, Chartered Accountants Worldwide

Cadogan logo

Don't just take our word for it

“The HelloDPO team have led us patiently through the intricacies of GDPR over the years, helping us to navigate a careful path to ensure understanding of the rules and therefore compliance with them. HelloDPO are a pleasure to work with and I’d have no hesitation in recommending them to others looking for good, commercial advice in this complex area.”

Sanjay Patel
Finance Director, Cadogan Group Limited

Compre logo

Don't just take our word for it

“We have recently engaged HelloDPO and the team, led by Jenai, has been responsive, practical and generally very helpful when dealing with our data protection queries. We look forward to what’s on track to becoming a great working relationship!”

Federica Cozzani
Senior Legal Counsel, Compre Group

Outlogic logo

Don't just take our word for it

“Jenai and Emma are amazing to deal with. They strike the right balance between understanding the business needs while doing it’s fiduciary duty to ensure we are on the right track from a legal, ethical and moral perspective. Working with HelloDPO’s guidance over the past 2 years has enabled X-Mode (now known as Outlogic) to be able to navigate complex and at times uncertain waters with GDPR in a strategic and ethical manner.”

Joshua Anton
CEO, Outlogic

Vue logo

Don't just take our word for it

“A great bespoke service, delivered flexibly by absolute experts in a friendly, collaborative and accessible way. I cannot recommend more highly!”

Clare Russell
Interim Head of Legal, Vue UK and Ireland

Jigsaw logo

Don't just take our word for it

“HelloDPO have been brilliant at getting our data compliance into shape. We have come such a long way in our ways of working and they are always on hand to help when we have complicated or urgent issues – they have simply become part of the team.”

Josh Towb
Head of Business Transformation, Jigsaw

Channel 4 logo

Don't just take our word for it

“The HelloDPO team have provided Channel 4 with a wide range of data protection advice over the years. Alison is always delightful to work with, and her advice is pragmatic and set within a commercial context, which is particularly helpful. HelloDPO runs regular DP Confessionals, which provide our team with a valuable wider industry view and a sense of issues which other organisations are struggling with, and the ways in which they are approaching them.”

Rebecca Miller
Channel 4

Mug of coffee

Let’s chat

Book a free 30 min discovery call with our expert team and we’ll advise how we can help.

Contact us