Last updated: May 13, 2026 at 5:42 AM UTC

UK water company hit by Cl0p had hackers hidden in its network for nearly 2 years - ICO fines South Staffordshire Water 964K

The UK Information Commissioner fined South Staffordshire Water 963,900 pounds over a 2022 Cl0p ransomware breach that exposed 633,887 customer and employee records. The penalty notice reveals attackers were inside the network nearly two years before discovery - initial access happened September 2020 via a malicious email attachment, but they were not detected until July 2022 when IT performance issues triggered an investigation. The ICO found basic security failures: an unpatched ZeroLogon flaw on two domain controllers, no principle of least privilege, an outsourced SOC monitoring just 5 percent of the IT estate, and Windows Server 2003 boxes still running in production.

Check
Pull your most recent domain-controller vulnerability scan. If nothing exists in the last 90 days, that is itself a finding. Verify ZeroLogon (CVE-2020-1472) is patched on every DC.
Affected
Any organization where domain controllers run unpatched, where the outsourced SOC monitors less than the full IT estate, where legacy systems like Windows Server 2003 remain in production, or where vulnerability scanning has not been performed in over 90 days. Critical national infrastructure and regulated industries face especially harsh penalties for these gaps.
Fix
Patch ZeroLogon (CVE-2020-1472) on every domain controller now if not already done. Confirm your SOC contract requires monitoring coverage of 100 percent of in-scope assets, with endpoint telemetry and authentication logs integrated. Run quarterly internal and external vulnerability scans and retain the reports for regulator inspection. Retire any Windows Server 2003 boxes still in production - extended support ended July 2015.
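
The Check and Fix items above can be turned into a repeatable audit. The following is an added example, not part of the original article: it flags domain controllers with no scan on record, a latest scan older than 90 days, or CVE-2020-1472 still open, and computes SOC monitoring coverage. The hostnames, CSV columns and function names are assumptions; adapt them to your scanner's export format.

```python
import csv
import io
from datetime import date, timedelta

MAX_SCAN_AGE = timedelta(days=90)  # the 90-day threshold from the Check item
ZEROLOGON = "CVE-2020-1472"

# Constructed sample data: hypothetical hostnames and export columns.
DC_INVENTORY = ["dc01", "dc02", "dc03", "dc04"]
SCAN_EXPORT = """host,scan_date,open_cves
dc01,2026-04-20,
dc02,2025-11-02,CVE-2020-1472
dc02,2026-04-20,CVE-2020-1472
dc03,2026-01-10,
"""

def audit_dc_scans(inventory, export_csv, today):
    """Return {host: [findings]} for every DC that fails the check."""
    latest = {}  # host -> (scan_date, open CVEs) taken from the newest scan only
    for row in csv.DictReader(io.StringIO(export_csv)):
        host = row["host"].strip().lower()
        scanned = date.fromisoformat(row["scan_date"])
        cves = {c for c in row["open_cves"].split(";") if c}
        if host not in latest or scanned > latest[host][0]:
            latest[host] = (scanned, cves)
    findings = {}
    for host in inventory:
        issues = []
        if host not in latest:
            issues.append("no scan on record")  # absence is itself a finding
        else:
            scanned, cves = latest[host]
            if today - scanned > MAX_SCAN_AGE:
                issues.append(f"last scan {scanned} older than 90 days")
            if ZEROLOGON in cves:
                issues.append(f"{ZEROLOGON} open in latest scan")
        if issues:
            findings[host] = issues
    return findings

def soc_coverage(in_scope, monitored):
    """Percent of in-scope assets the SOC actually receives telemetry from."""
    in_scope = set(in_scope)
    if not in_scope:
        raise ValueError("in-scope asset list is empty")
    return 100.0 * len(in_scope & set(monitored)) / len(in_scope)

if __name__ == "__main__":
    for host, issues in audit_dc_scans(DC_INVENTORY, SCAN_EXPORT, date(2026, 5, 13)).items():
        print(host, "->", "; ".join(issues))
    print(f"SOC coverage: {soc_coverage(DC_INVENTORY, ['dc01']):.0f}%")
```

Driving the inventory from the directory rather than from the scanner's own asset list is what surfaces hosts the scanner never reached.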