AFTS Data Security Incident

The City of Puyallup is aware of a security/data incident related to its utility billing vendor, Automatic Funds Transfer Services, Inc (AFTS). AFTS was the victim of a ransomware attack between the evening of February 3rd and the morning of February 4th, 2021. The City of Puyallup contracts with AFTS to print and mail billing statements. There is no direct threat to the City of Puyallup’s network as a result of this incident. 

Ransomware is a type of malicious software (malware) that blocks access to data or a computer system, usually by encrypting it, until the victim pays a ransom fee to the attacker. 

Breached information from the AFTS database may have included the following information: utility bill account number, customer name, address, and billing amounts. No other customer information would have been compromised.

AFTS has hired a forensic company to address the ransomware attack and is attempting to retrieve all its information, and has reported the ransomware attack and potential breach of customer information to the police and FBI.

The City of Puyallup continues to take steps to ensure a high level of security for personal information. If you have any questions, please contact Utility Billing & Customer Service at 253.841.5550 or copbilling@puyallupwa.gov

Frequently Asked Questions

What is Ransomware?

Ransomware is a type of malicious software (malware) that blocks access to data or a computer system until the victim (AFTS, in this case) pays a ransom fee to the attacker.

Is my personal information at risk?

Personal information that may have been recovered from the AFTS database includes customer name and address, utility billing account number, and billing amount. The AFTS database did not contain social security numbers, birth dates, or driver’s license numbers. AFTS did not have access to any customer’s banking or financial information, as the City of Puyallup does not use AFTS as a payment processor. 

Who was affected?

Customers who were potentially affected include those who receive printed invoices and past-due notices in the mail. Customers who receive billing statements electronically were not affected. 

At this time, the City does not know if any of its customers’ information has actually been accessed by the attacker, or if that information has simply been made inaccessible.

Who do I contact if I have questions?

Customers may contact City of Puyallup Utilities at 253.841.5550 or copobilling@puyallupwa.gov.