Automatic Funds Transfer Services, Inc. (AFTS) of Seattle was the victim of a ransomware attack in early February that may have compromised information provided to AFTS by the DMV, including the last 20 months of California vehicle registration records that contain names, addresses, license plate numbers and vehicle identification numbers (VIN). AFTS does not have access to DMV customers’ Social Security numbers, birthdates, voter registration, immigration status or driver’s license information, therefore this data was not compromised.
The information stored in the AFTS databases is limited to data necessary to fulfill utility billing and payment processing of paper check payments.
At this time, we have no knowledge that any personal information belonging to any Kirkland utility customers has been accessed or misused. However, AFTS is currently conducting an investigation to determine what personal information might have been accessed by the ransomware actors, if any, and will inform Kirkland of that information when it becomes available. We can confirm that ATFS’ database does not contain any of our customers’ social security numbers, dates of birth, driver’s license numbers, state ID numbers or credit card numbers.
The City of Lynnwood contracts with AFTS to mail our printed utility statements to customers. Information that is included in the mailed statements includes the customer name, address, and utility account number. Lynnwood's information stored in the AFTS database is limited to data necessary to fulfill the printing and mailing of utility bills. Payment methods are processed by a different vendor who has not been impacted by this incident.
The information stored in the AFTS databases is limited to data necessary to fulfill utility billing and payment processing of paper check payments. Electronic payments are processed by a different vendor who is not impacted by the incident. Potentially breached information from the AFTS database may have included the following personal information: utility bill account number, name, address, and billing amounts. Additionally, for residents or businesses who pay their utility bills by mailing a paper check, scanned copies of their paper checks are also stored on the AFTS servers which include bank account and routing information. It is unknown at this time whether these scanned copies of checks have been illicitly extricated from the network. The databases do not contain social security numbers, birth dates, driver’s license numbers, state ID numbers or any other Personally Identifiable Information (PII). The databases do not contain any resident or commercial business credit card information.
Personal information may have been exposed including names and addresses of utility customers. The City of Redmond is working closely with AFTS to determine the extent of the breach and if any of the City’s information was compromised.
The City of Seattle has recently learned that a third-party utility billing vendor, Automatic Funds Transfer Services, Inc. (AFTS), which is used by a small number of City departments, was the victim of a ransomware attack. City departments use this vendor for commercial billing, printing, and mailing services.
The information stored in the AFTS databases is limited to data necessary to fulfill billing and payment processing of paper check payments. Electronic payments are processed by a different vendor who is not impacted by the incident. Breached information from the AFTS database may have included the following personal information: water bill account number, name, address, and billing amounts. Additionally, for residents or businesses who pay their utility bills by mailing a paper check, scanned copies of their paper checks are also stored on the AFTS servers which include bank account and routing information. It is unknown at this time whether these scanned copies of checks have been illicitly extricated from the network.
We have no indication Port of Everett’s customers information has been compromised, but we wanted to make you immediately aware of the risk of potential exposure of your personal and/or credit information as soon as possible.
As more cities, agencies, and organizations disclose data breaches, we will update the above list.
