PUD Aware of Potential Data Security Issue

Posted Monday, March 15, 2021

Skagit PUD is aware of a potential security issue related to its utility bill payment processing vendor Automatic Funds Transfer Services, Inc (AFTS). Skagit PUD contracts with AFTS to process residential and commercial utility bill payments and mailed paper checks. AFTS was the victim of a ransomware attack.

What is ransomware?

Ransomware is a type of malicious software (malware) that blocks access to data or a computer system, usually by encrypting it, until the victim pays a ransom fee to the attacker. Thus, as a result of this attack, AFTS cannot access any of its online data, including its data regarding Skagit PUD customers. At this time, the PUD does not know if any of its customers’ information has been accessed by the unauthorized party who installed ransomware on ATFS’s system or if that information has simply been made inaccessible.

Is my personal information at risk?

The information stored in the AFTS databases is limited to data necessary to fulfill utility billing and payment processing of paper check payments. Electronic payments made through the PUD’s online payment system are processed by a different vendor not impacted by the incident. 

Potentially breached information from the AFTS database may have included the following personal information: utility bill account number, name, address, and billing amounts. Additionally, for customers who pay their utility bills by mailing a paper check, scanned copies of their paper checks are also stored on the AFTS servers, including bank account and routing information. It’s unknown at this time whether these scanned copies of checks have been illicitly obtained from the network.

What should I do to protect myself?

Customers who pay their utility bill by mailing a paper check or use an online banking service are encouraged to monitor their bank account for unusual activity and report anything suspicious to their bank right away. The databases do not contain social security numbers, birth dates, driver’s license numbers, state ID numbers, or any other personally identifiable information. The potential breach at AFTS did not impact credit cards. The databases do not contain any personal or commercial business credit card information.

Skagit PUD takes its role of safeguarding personal information very seriously. There is no direct threat to the PUD’s network as a result of this incident. The police and FBI are aware of the situation.

For questions, please contact Customer Service at (360) 424-7104 or customerservice@skagitpud.org.