AFTS Data Breach Notice to Customers

AFTS Data Breach Notice

Monday March 29, 2021

On February 17, 2021, the District notified you via letter of a security/data breach that occurred with the District’s billing vendor, Automatic Funds Transfer Services, Inc (AFTS).  At the time of the letter, the District had not been provided much information regarding the breach or what information may or may not have been compromised which left some doubt and insecurity amongst our customers. 

 

We are happy to report the results from the analysis from AFTS now that the breach investigation had been concluded.  Per AFTS, “Our analysis found no evidence the exfiltrated files contained any Social Security numbers, birthdates, driver’s license numbers, state ID numbers, credit card information, mailing addresses, check images, signatures, or authentication files from any of AFTS’ Statement Printing, Check Processing, and Lockbox customers.” 

 

The District took a proactive approach by being transparent and protective of our customers’ information.  This was the sole reason we took immediate action to inform you of the matter so you could be preemptive to protect your information.  The District no longer uses AFTS and has instituted new protocols in verifying security measures by any vendor to provide the highest level of security possible. 

 

Protection and safety of our customers’ information is and always will be the District’s ultimate priority.  If you have any questions, please contact us as 253-588-4423 or csweb@lakewoodwater.org.

Tuesday February 23, 2021

Lakewood Water District has terminated its relationship with Automatic Funds Transfer Services (AFTS). Payment processing has been moved back in to our office and printing services have been migrated to a local vendor until a formal RFP can be completed. Please direct any questions to our office by calling  (253) 588-4423 or email us at csweb@lakewoodwater.org.

Thursday February 18, 2021

The Lakewood Water District (District) has been made aware of a security/data incident related to its billing vendor, Automatic Funds Transfer Services, Inc (AFTS). The District contracts with AFTS to handle its resident and commercial billing including processing of paper check payments. The AFTS servers were encrypted by ransomware sometime between the evening of February 3 and the morning of February 4, 2021. There is no direct threat to the District’s network as a result of this incident.

The information stored in the AFTS databases is limited to data necessary to fulfill billing and payment processing of paper check payments. Electronic payments are processed by a different vendor who is not impacted by the incident. Breached information from the AFTS database may have included the following personal information: water bill account number, name, address, and billing amounts. Additionally, for residents or businesses who pay their utility bills by mailing a paper check, scanned copies of their paper checks are also stored on the AFTS servers which include bank account and routing information. It is unknown at this time whether these scanned copies of checks have been illicitly extricated from the network.

Residents or businesses who pay their water bill by mailing a paper check are encouraged to monitor their bank account for unusual activity and report anything suspicious to their bank right away. The databases did not contain social security numbers, birth dates, driver’s license numbers, state ID numbers or any other Personally Identifiable Information (PII). The breach at AFTS did not impact credit cards. The databases do not contain any personal or commercial business credit card information.

The District takes its role of safeguarding personal information very seriously. We continue to discuss additional measures that we as a District can adopt to ensure the highest level of security for personal information. For questions, please contact the District at 253-588-4423 or csweb@lakewoodwater.org.