Call our team

Cambridge Water/South Staffs Data Breach Claim

We have connected many data breach victims to specialist lawyers to pursue compensation against companies that have failed to prevent unauthorised access to their personal data. Cambridge Water, also known as South Staffordshire Water, was hit by a cyber attack in August 2022.

The information that was leaked consisted of the following:

  • Full names of Employees and Customers
  • Current Addresses
  • Bank Details of Direct Debit 


Due to the fact that this breach involves bank details, those affected by this breach could be entitled to thousands. Are you one of the affected?

Am I eligible to join the Cambridge Water/South Staff Data Breach Compensation Claims?

The simple way to find out if either of these companies has lost your data should be through some level of correspondence, whether through email or letter, as they are legally obligated to inform you. Nonetheless, our experience tells us that it’s fairly common that companies fail to enforce this step. This was definitely the case with both of these companies, as they had to send out letters in January 2023 to contact the remaining affected individuals, despite the breach happening in August 2022. 

The company claims in it’s response that the reason it took so long to notify people was because: 

Investigations like this are very complex and it takes time to understand what happened and then to analyse the data that could have been impacted. As soon as we were aware that we needed to notify our customers in compliance with our legal obligations, we began to do so.”

Whether through oversight or avoidance is unclear, but not only does this mean that lack of notification isn’t proof that you aren’t affected, but if you are affected in this circumstance, our lawyers can use it to boost your claim. 

Nonetheless, regardless of whether or not you were notified, we will be able to tell you how likely it is that you’re eligible. All you need to do is input some simple, basic details that will take you less than sixty seconds, and a lawyer will get in contact with you. They work on a no-win no-fee basis, ensuring that no money comes directly from your pocket regardless of the outcome, only from the compensation won. 

Your assigned lawyer will handle all the legal and administrative busywork that comes with the claim, meaning you are required to do little whilst letting them do their job.

Step 1

Contact Us

Get in touch and tell us a bit about your data breach. You will likely have already been contacted by the organisation responsible for the loss of data, so have that info to hand as it will help us expedite your claim.

Step 2

Leave us to it

Once you’ve provided us with all the relevant information, your claims expert will do all the work on your behalf so you won’t have to lift a finger.

Step 3

Claims success

While not all claims are guaranteed to win, at the conclusion of a successful claim, we will aim to get you the best compensation amount possible.  You only have to pay us any fees in the event of claims success.

Our process

Our claim process gets results for our clients.

At Evans Hughes, we handle your data breach claim to maximise your chances of success. Working on a No-win, No-fee basis, you only ever have to pay our fees following a successful claim so there’s no risk of you making a claim and no upfront costs.

Start your data breach claim today.

Office hours: 9-5 Monday to Friday

What happened with Cambridge Water/South Staff?

Cambridge Water and South Staffs Water are two separate water supply companies in the UK. Cambridge Water provides potable water to the city of Cambridge and its surrounding areas, whereas South Staffs serve the west midlands and Staffordshire areas. 

In August of 2022, Cambridge Water and South Staff Water came forward and confessed that they had been hit with a cyber attack, and the culprits had managed to get their hand on sensitive customer and employee information – including financial information. 

This information was then published on the dark web. Letters were sent out to inform affected individuals, but the precise details of what was leaked was left obscure by the water companies. This angered a lot of individuals affected, and added to their stress, as they had no idea just how much danger they were in. 

Who attacked the Water Companies?

The identities of the individuals who were behind the cyber attack have been revealed. A fairly notorious eastern european hacker group named C10p (pronounced Clop) have claimed full responsibility for the attack, although it appears that they meant for the attack to target a bigger water company – the Thames Water. When they got ahold of the information, they approached the water companies and demanded money in exchange for both keeping quiet about the breach, and not publishing the data. We can only assume that the Water Companies declined or ignored them, as the group later published this sensitive information online.

What was Cambridge Water/South Staffs Water’s response?

When asked about what they are willing to do to ensure this never happens again, their response was: 

“We have many measures in place to protect our networks and the data we hold. We recognise that personal information is entrusted into our care and regret any inconvenience caused by this incident. Since we detected the incident, we have supplemented these existing measures with additional information security tools.”

A vague statement to say the least. When asked about how many customers were affected, they claimed: 

“Our investigation into this incident is ongoing and we are still assessing the potential impact on customer data. As we identify groups of customers who need to take action because their data has been impacted we are, of course, notifying them as soon as possible.”

Eligibility for a Compensation Claim

The good thing is – it’s easy to find out if you have a reasonable compensation claim case. All you need to do is click on the “Start Your Claim” button. There is no obligation to finish or go through with any sort of claim, but by clicking the button and filling in some easy information that will take less than two minutes, you can find out if you’re eligible, and if you are, how strong your claim can be.

Understand, the lawyer assigned to you will be a specialist that works on a no-win, no-fee basis. This means nobody will expect any money from you if the case does not work out, and if you win, the money is taken from the winnings rather than your bank account.

Data Protection Act of 2018

The Data Protection Act of 2018 is what enables you to make the Data Breach Compensation Claim. It is the successor to the Data Protection Act of 1998 and is designed to ensure that you can give your private information to companies with the expectation and assuredness that your data will be protected to the best of that company’s ability. 


The following is a breakdown of what the Act entails. 

  • Personal Data – The Data Protection Act divides the data you give between personal and non-personal. Personal, of course, refers to details that pertain to your privacy. Such as addresses, names, telephone numbers etc. 
  • Rights of Data Subjects – The Data Protection Act ensures that individuals have the right to be informed when their data is leaked. In this case, Cambridge Water and South Staffs is supposed to have sent out an email to the addresses of each person who had their data leaked. Failure to do so could result in a higher payout. 
  • Lawful Basis – Processing of personal data has to be done on a legal, lawful basis. Meaning through consent, contract, obligation or legitimate interest. 
  • Data Protection Impact Assessments – For high-risk data processing, such as transfers and situations that require several individuals in the process. 
  • Data Protection Officer – Organisations must have officers who are in charge of ensuring the data is protected. 

What measures should I take to protect myself from the Cambridge Water/South Staffs Data Breach?

It’s unreliable to wait for these companies to contact you, as they have taken months to inform those afflicted. As such, if you suspect you may be one of the many who have had their data breached, here are some of the things you can do. 

  • Check with your Bank – Ensure that you tell your bank about the possible leak, so they can watch closely for fraud. This may mean that some of your transactions will be micro-managed and perhaps you’ll be bothered for confirmation, but it’s worth the risk. 
  • Change Credentials – Change passwords on critical accounts, as the information that has been leaked can be used to possibly answer security questions. 
  • Be careful of contact – Hackers will sometimes send either texts or emails in order to get an extra bit of information that can be used to access your accounts. 

Start your data breach claim today.

Office hours: 9-5 Monday to Friday

Our reviews

What our customers say...

Get in touch

Work with us

Contact us if you have a data breach enquiry and we’ll get back to you at the earliest opportunity. Use our contact form, email us, or pick up the phone and give us a call.