
Cyber Incident Victim: Southern Water Services

Date:

Feb 2020

Location:

United Kingdom

Summary

Southern Water experienced a phishing attack after an employee opened a malicious email attachment impersonating the CEO, sent under a subject line referencing the Coronavirus, which led to a disruption of its operational networks including SCADA systems. The utility temporarily took affected systems offline, causing service interruptions for customers that it initially attributed to essential maintenance, before restoring functionality without lasting damage. The incident highlighted the risk of social engineering lures that exploit current events and perceived executive authority to get past email filtering and an employee's suspicion.

CIA Posture: Available to members
Motives: 1 motive
Tactics, Techniques & Procedures: 1 technique
Threat Actors: 0 actors
Type: Available to members
Location: Available to members

Description

On February 26, 2020, Southern Water experienced a phishing attack that disrupted its operations, prompting an emergency shutdown of critical systems. The incident began when an employee opened a malicious email attachment disguised as a legitimate communication from the company's CEO, with a subject line referencing "Coronavirus." Opening the attachment gave the attacker unauthorized access to Southern Water's networks, including the Supervisory Control and Data Acquisition (SCADA) systems on which utility operations depend. The company responded by taking affected systems offline, leading to temporary service interruptions for customers. Southern Water's social media channels initially attributed the downtime to "essential maintenance," avoiding public disclosure of the security breach during the initial response phase. Services were restored later the same day, with the utility confirming no lasting operational damage.


The attack exploited social engineering tactics, leveraging the perceived authority of the CEO’s identity and heightened public anxiety around the COVID-19 pandemic to bypass email filters and deceive the employee. Industry sources confirmed the phishing vector but noted no evidence of data exfiltration or prolonged system compromise. Southern Water’s reliance on third-party contractors, including a £30m managed services agreement with Capita, raised questions about supply-chain vulnerabilities, though Capita’s role was clarified as unrelated to email management or cybersecurity for this incident. The utility’s spokesperson later acknowledged the phishing attempt and emphasized the rapid containment measures, including network isolation and system reboots. Customer-facing services resumed within hours, with no further disruptions reported after the initial recovery.
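The lure described above combines three signals that a mail gateway or SOC triage script can check mechanically: a known executive's name in the From display name while the sending address is outside the company domain, a topical crisis term in the subject, and an attachment of a type that can carry code. The following is an added example (not code from Southern Water, from the page, or from any product named here) of such a triage heuristic written in Python with only the standard library. The company domain, executive directory, lure terms and both sample messages are constructed for the example; the page does not state which of these checks, if any, Southern Water's own filters performed.

```python
"""
Heuristic triage for executive-impersonation phishing with a topical lure.
Added example, not Southern Water's code. Domain, executive list and
messages below are constructed for illustration.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr

COMPANY_DOMAIN = "example-water.co.uk"                       # assumed own domain
EXECUTIVES = {"Jane Doe": "jane.doe@example-water.co.uk"}    # assumed exec directory
LURE_TERMS = re.compile(r"coronavirus|covid|pandemic|urgent", re.IGNORECASE)
RISKY_EXT = (".exe", ".js", ".vbs", ".scr", ".docm", ".xlsm", ".zip", ".iso", ".lnk")


def normalize(name):
    """Lower-case and strip punctuation so 'Jane  Doe' and 'jane doe' compare equal."""
    return " ".join(re.sub(r"[^a-z ]", "", name.lower()).split())


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw_message):
    """Return (verdict, findings) for one RFC 5322 message given as text."""
    msg = message_from_string(raw_message, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    addr = addr.lower()
    sender_domain = domain_of(addr)
    findings = []

    # 1. Display name matches an executive but the address is not theirs.
    exec_match = next((n for n in EXECUTIVES if normalize(n) == normalize(display)), None)
    if exec_match:
        if sender_domain != COMPANY_DOMAIN:
            findings.append("exec display name from external domain")
        elif addr != EXECUTIVES[exec_match].lower():
            findings.append("exec display name on unexpected internal address")

    # 2. Reply-To steers answers to a domain other than the sender's.
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    if reply_to and domain_of(reply_to) != sender_domain:
        findings.append("reply-to domain differs from sender domain")

    # 3. Topical crisis wording in the subject.
    if LURE_TERMS.search(str(msg.get("Subject", ""))):
        findings.append("topical lure in subject")

    # 4. Attachments with extensions that can carry executable content.
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(RISKY_EXT):
            findings.append(f"risky attachment: {filename}")

    if exec_match and len(findings) >= 2:
        verdict = "quarantine"
    elif findings:
        verdict = "review"
    else:
        verdict = "deliver"
    return verdict, findings


# Constructed sample: executive impersonation, external sender, lure subject, macro doc.
PHISH = """\
From: "Jane Doe" <jane.doe@mail-example.net>
Reply-To: ceo.office@replies-example.org
To: staff@example-water.co.uk
Subject: Coronavirus: updated guidance - please read attached
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached update today.
--b1
Content-Type: application/octet-stream; name="guidance.docm"
Content-Disposition: attachment; filename="guidance.docm"
Content-Transfer-Encoding: base64

QUJD
--b1--
"""

# Constructed sample: the same executive, genuine internal address, no lure.
LEGIT = """\
From: "Jane Doe" <jane.doe@example-water.co.uk>
To: staff@example-water.co.uk
Subject: Quarterly results
Content-Type: text/plain

Thanks all.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, triage(raw))
```

The display-name check is the one that matters most for this incident type: a forged From address that fails SPF or DMARC is usually caught, whereas a look-alike display name on a freemail or newly registered domain passes authentication and relies on the reader not inspecting the address. Scoring rather than hard-blocking on any single signal keeps genuine executive mail about a real crisis deliverable while still quarantining the combination seen here.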

Sources
Sources available to members
1 source