The city of Auburn was the victim of a ransomware attack on its utility billing payment processor between the evening of Feb. 3 and the morning of Feb. 4.
The city’s Communications Manager, Kalyn Brady, said information stored in the Automatic Funds Transfer Services Inc. (AFTS) database is limited to data necessary to fulfill utility billing and payment processing of paper check payments.
Brady emphasized that these databases do not contain Social Security numbers, birth dates, driver’s license numbers, state ID numbers or any other personally identifiable information. The databases do not contain any resident or commercial business credit card information.
Brady said personal information that may have been exposed includes: utility bill account numbers, names, addresses and billing amounts. Additionally, for residents or businesses who pay their utility bills by mailing a paper check, scanned copies of these checks are also stored on the AFTS servers, which include bank account and routing information. The city does not know at this time if these scanned copies were accessed.
“The company made us aware of this few days ago, but it has been working to get a better understanding of the impact. Once we determined that we had a complete understanding from them of who in our customer base may have been affected, we shared the message with customers,” Brady said.
“I don’t know where the attack originated from, or why the company was unable to make us aware until recently,” Brady added.
Residents or businesses who pay their utility bill by mailing a paper check should monitor their bank account for unusual activity and report anything suspicious to their bank immediately.