UK Cybercrime Journal: Inside the Cl0p attack on South Staffs Water
ID: 3fa736ca-e608-528c-8917-914b30488b02
STIX ID: report--3fa736ca-e608-528c-8917-914b30488b02
Feed Name: BushidoToken Blog
On 11 May 2026 the ICO fined South Staffordshire Water £963,900 after the Cl0p ransomware group, introduced via a September 2020 phishing attack (Get2Loader and SDBBOT), remained undetected for nearly two years, exfiltrating 4.1 TB and the personal data of 633,887 people, which was later published. The ICO found critical systemic failures, including a SOC blind to 95% of the network, zero internal/external vulnerability scans over 18 months, legacy Windows Server 2003 systems, and unpatched domain controllers susceptible to ZeroLogon. This led to recommendations to audit outsourced SOCs, prioritise AD/DC patching, and adopt proactive hunting and monitoring.
