A water company that supplies drinking water to over 1.6 million people in the UK says it has been hit by a cyber attack. But the criminal gang involved appears to have claimed it had breached a different water utilities firm.
South Staffordshire Water says it has been the "target of a criminal cyber attack" which is causing disruption to its corporate IT network, but hasn't affected the company's ability to provide safe drinking water to customers.
"This is thanks to the robust systems and controls over water supply and quality we have in place at all times as well as the quick work of our teams to respond to this incident and implement the additional measures we have put in place on a precautionary basis," the company said in a statement.
South Staffordshire Water hasn't divulged the nature of the cyber attack it has suffered, but the company revealed that it had been targeted by criminal hackers shortly after the Clop ransomware gang claimed to have hit another water company, Thames Water, who say that reports they've been breached are a "cyber hoax".
"We are aware of reports in the media that Thames Water is facing a cyber attack. We want to reassure you that this is not the case," the company said.
"As providers of an essential service we take the security of our networks and systems very seriously and are focussed on protecting them, so that we can continue to provide you with the services and support you need from us".
In a statement posted to its leak site, Clop claimed it has spent "months" in the company system. If that's the case, it's unclear why the ransomware gang thought it was in the network of Thames Water if it had actually breached the network of South Staffordshire Water -- two separate companies that provide water to different parts of the UK.
The ransomware hackers also claim to have access to SCADA (Supervisory Control and Data Acquisition) industrial control systems that control chemicals in the water, a claim that South Staffordshire Water refutes. "This incident has not affected our ability to supply safe water," the company said.
It's currently unclear what sort of ransom demand has been made, or if the demands have been met – particularly if the attackers were apparently trying to extort a payment from the wrong target.
South Staffordshire Water says it's "working closely with the relevant government and regulatory authorities" and that it will keep them, and customers, updated as investigations into the incident continue.
"We are aware that South Staffordshire Plc has been the target of a cyber incident. Defra and NCSC are liaising closely with the company," a government spokesperson told ZDNET.
"Following extensive engagement with South Staffordshire Plc and the Drinking Water Inspectorate, we are reassured there are no impacts to the continued safe supply of drinking water, and the company is taking all necessary steps to investigate this incident."
ZDNet has contacted South Staffordshire Water but is yet to receive a response at the time of writing, while a National Cyber Security Agency (NCSC) spokeperson told us that it's not possible to comment on an ongoing incident.