I would admit I would have the same curiosity and want to know the who/why, but it would eventually be tempered with the question "to what end?" Even if you were able to get the utility company to illegally give you PII, then what? Have a chat?

I read about this one girl in NY who came across someone who stole her account info and chased her down throughout the subways, bus system and all the time called the cops who eventually caught her. Fun (risky) stuff, but not sure I have the energy to do a follow-through.

I don't think that it's worth your time and energy pursuing this, especially since the card has been cancelled and you have received a refund. Hopefully your bank has tracked down the criminals.
I also doubt that Anglian Water will tell you the name or account number of the criminal that used your card to pay for the bill. They would most probably require an account number or an address to reference the bill but using just your card details I doubt it.

It sounds like your card may have been cloned, did you use your card in an ATM recently or shop online or use it anywhere else that could be suspicious?

So here is the repsonse from the UK water company

Dear Mr. Xxxxxx

 

Thank you for your email.

 

Unfortunately we cannot locate the property with the details mentioned in the letter.  To ensure that our records are updated, could you please provide us with the complete details of the property and the serial number of the meter serving the property.

 

If we can be of further assistance, please email or telephone on 08457 91 91 55 where our customer services staff will be pleased to help.

 

Yours sincerely

Customer Services

I just replied to their email with this.  Sorry had too, just felt in the mood to get a final stab at them.  call me a jerk or something.

Dear Customer Service,

I understand the privacy of your customers and I was kinda surprised to get the response that I got on first response.  So it came at no surprise to me that a follow up email correcting what was said before came into my inbox.

I am rather concerned though about how your company conducts business and could allow a active customer of yours to pay for their $3XX.XX or any amount water bill with someone else's debit card.  Do you have a verification process?  If not I suggest implementing one to prevent these kinds of transactions from happening.  These would be like asking for the billing address of the card which then would have shown up as being registered in the United States and that should have raised a few red flags.  Seeing as I don't buy anything from overseas or even Canada for that matter I feel my card # was compromised by a less than honest person that had access to my card for a recent purchase that I made and then was sold online on a stolen credit card forum which is common in Europe.

We both know that the relevant authorities are not about to waste their time on a small incident like this.  I hope that you would have been able to find information about this and make a note about it on the users acct that he used a stolen debit card #.  This would help the both of us and possibly stem this criminal from doing it again and could help your company become a leader in the UK in preventing ID theft.

Another thing that interested me and made me wonder how customer service is handled in the UK.  A 10 day response to a query seems to an awful lot?  Is this normal?  Why does it take your company 10 days to respond to a billing question?  Once again I urge you to review your customer service standards and try to improve on them as a 10 day waiting period for your customers is personally, horrible customer service and if you did that in the USA you would not be in business very long.  But maybe you guys run differently over there.

Do they have South Park over there or they just have Mr.Bean?  LOL. 

I was gonna throw in I am a Computer Forensics & Network Security analyst but since that is embleishing the truth by a few months, even though I do have a Forensics job but no certs I decided to leave it out.