We have many measures in place to protect our networks and the data we hold. We recognise that personal information is entrusted into our care and regret any inconvenience caused by this incident. Since we detected the incident, we have supplemented these existing measures with additional information security tools.

We have taken all necessary steps in response including:

• Taking immediate steps to contain the attack and reduce the risk of any further access by the criminal cyber group
• Engaging leading IT security experts to investigate exactly what happened
• Launching an extensive IT forensic investigation into the incident to assess what data was impacted in the incident
• Notifying the National Cyber Security Centre, Action Fraud, the National Crime Agency, the Information Commissioner’s Office (ICO), Ofwat, and the Consumer Council for Water, along with the Drinking Water Inspectorate and the Department for Environment, Food and Rural Affairs (DEFRA)
• For those customers where necessary, notifying them to let them know what happened and the support we are offering. This includes setting up a dedicated helpline to answer questions and offering free access to a credit monitoring service for a year

As soon as we detected the incident, we engaged leading IT security experts to work with us to contain the attack and reduce the risk of any further access. They are also investigating exactly what happened and have made recommendations on additional IT security enhancements. We have already introduced a number of enhancements.

Yes, as soon as we discovered the incident, we notified the Information Commissioner’s Office in line with our legal obligations and have been keeping them updated as our investigation progressed. Separately, we’ve also notified the National Cyber Security Centre and the National Crime Agency.

Yes, since discovering the incident we have been closely liaising with the police via the National Crime Agency.

We hope you can understand that as this is a police matter, we can’t share any details.

We hope you can understand that as this is a police matter, we can’t share any details.

We regret the concern this has caused and want to assure you that we are committed to supporting you. That is why we are offering you free access to a credit monitoring service, TrueIdentity, for twelve months. The service will alert you if any of your personal data has been compromised on the dark web, helping you stay protected. It is important to be aware that your personal details may already be on the dark web as cyber attacks are now commonplace and therefore may not originate from this incident. The notification letter we sent you includes more information on the service, including how to register for it, and who to contact with more questions.

We also have teams available in the community. You can visit our Community hub in Union Street, Wednesbury. It is open:

• Monday: 10am – 1pm and 1:30pm – 4pm
• Tuesday: 10am – 1pm and 1:30pm – 4pm
• Wednesday: 10am – 1pm and 1:30pm – 4pm
• Thursday: Closed
• Friday: 10am – 1pm and 1:30pm – 4pm
• Saturday and Sunday: Closed

We also have a dedicated mobile support team, which will be travelling around our region over the next four weeks.

TransUnion is one of the three FCA regulated credit reference agencies in the UK (along with Experian and Equifax).

TransUnion receives hundreds of millions of personal data records each month from numerous sources and stewards this information with care, with rigorous safeguarding processes in place. The protection of consumer information is TransUnion’s top priority and they deploy a multi-layered security programmes, constantly enhancing and refining their controls to address the latest security threats.

For more detailed information on how TransUnion use personal data in connection with the use of the TrueIdentity website/service, please refer to the Privacy Policy which can be accessed through the bottom of the TrueIdentity website.

You’ll be asked for your personal details including your name, telephone number, address, and personal email address so TransUnion can verify your identity and create your TrueIdentity account.

You will also be asked a series of knowledge-based authentication questions which relate to the information held on your credit report, so it may help to have a copy of any financial/lending agreements available to support you in answering these.

We are sorry that we can’t create your TransUnion account for you. During the sign-up process you’ll be asked for personal data that we don’t hold about you, you’ll need to set up passwords and there are also authentication questions which require some knowledge of your financial affairs. It simply isn’t possible for us to do this for you.

• Please check your email junk/spam junk folder to see if the activation email has been delivered there
• Please double check you entered your email address correctly on the TransUnion website
• If you are using BT Internet as your email provider, TransUnion have identified that BT are incorrectly blocking emails from the TrueIdentity platform – we are working to resolve this. If you have used a BT Internet email address to sign up to TrueIdentity, please email uktrueidentity@transunion.com and the team will be able to assist you in signing up again via an alternative email address where possible.

Please ensure you use the specific URL in your letter to access the TrueIdentity website, this will take you to the correct UK TransUnion website. If you use an internet search engine to find the TrueIdentity website, it is likely you will reach the USA website instead.

TransUnion’s TrueIdentity online and credit monitoring service is the most suitable service for impacted customers. It will notify you of any potentially fraudulent activity on your credit report, and also alert you if your personal information is published on the dark web. This is why we are covering the cost of a 12-month subscription to this service. 

We have been advised to make you aware of other steps you can take to protect yourself and, as part of this, the CIFAS service is an optional extra that you may wish to explore. However, we are confident that the TransUnion TrueIdentity product we are offering you will certainly help you to stay protected and have been advised this is the best support we can offer you.

TransUnion’s TrueIdentity online and credit monitoring service is the most suitable service for impacted customers. It will notify you of any potentially fraudulent activity on your credit report, and also alert you if your personal information is published on the dark web. This is why we are covering the cost of a 12-month subscription to this service. 

We have been advised to make you aware of other steps you can take to protect yourself and, as part of this, the CIFAS service is an optional extra that you may wish to explore. However, we are confident that the TransUnion TrueIdentity product we are offering you will certainly help you to stay protected and have been advised this is the best support we can offer you.

TrueIdentity will be available to provide you with help and support for 12 months from signing up to them. In order to take advantage of this service you will need to sign up by 1st March 2023.

Of course, we all need to be vigilant for fraud and scams. In particular we recommend that you are on your guard for unsolicited phone calls, emails, text messages and even callers to your home asking for personal information. Action Fraud has lots of helpful advice on how to stay safe. 

The TrueIdentity monitoring service that we are offering will scan the dark web and notify you if your personal information is found online. It is important to be aware that your personal details may already be on the dark web as cyber attacks are now commonplace and therefore may not originate from this incident. If you have any questions about TrueIdentity, or have difficulty registering, or require additional support, please contact TransUnion.

There’s no need to report this to the police as we’ve already reported this incident to police authorities via Action Fraud and the National Crime Agency.

Yes, our customer service and billing systems are all operating as usual, and it is safe to pay your bill as you normally do.

No. We have a legal obligation to provide you with water, and to do so you must hold an account with us.

The dark web is part of the internet that isn’t visible to search engines.

Of course, we all need to be vigilant for fraud and scams. In particular we recommend that you are on your guard for unsolicited phone calls, emails, text messages and even callers to your home asking for personal information. Action Fraud has lots of helpful advice on how to stay safe.

If you would like to let your bank know that your Direct Debit details have been compromised in this incident, then please feel free to do so. They will advise you on what steps you should take.

Your bank should be able to advise you on whether they recommend this.

The notification letter explains all the information we know that was impacted in the incident at this time relating to you.

Yes, you should show them a copy of the notification you have received.

Yes, this incident did not affect our ability to supply safe water and we are still supplying water to all of our Cambridge Water and South Staffs Water customers.

You don’t need to change anything about how you normally use your water. The water is still safe to use and drink.

The Drinking Water Inspectorate is an independent regulator – which has very stringent standards that we must, and do, comply with at all times. They also have a rigorous, ongoing system of checks in place to ensure that water is safe.

Cyberscout is part of TransUnion, the credit monitoring provider we are offering affected customers free access to. We’ve engaged Cyberscout to run a special helpline to support our customers so that we can answer their questions on the notification as swiftly as possible.