Updated: February 22, 2021-
In an update provided from AFTS on February 20, 2021, it appears that those like the Port of Edmonds, who receive lockbox and statement services from AFTS, have not been impacted by the data breach at this time.
The Port of Edmonds was informed that one of its third-party vendors – Automatic Funds Transfer Services, Inc (AFTS) – was the victim of a Ransomware attack sometime between the evening of February 3 and the morning of February 4, 2021. The Port of Edmonds contracts with AFTS to print and mail statements, process lockbox payments (mailed checks), and Automated Clearing House (ACH) auto-pays for enrolled tenants.
What is ransomware?
Ransomware is a type of malicious software (malware) that blocks access to data or a computer system, usually by encrypting it, until the victim pays a ransom fee to the attacker. As a result of this attack, AFTS cannot access any of its online data including all of its data regarding Port tenants. At this time the Port does not know if any of its tenants’ information has actually been accessed by the unauthorized party who installed ransomware on AFTS’s system, or if that information has simply been made inaccessible.
What information about me is at risk?
The information stored in the AFTS databases is limited to data necessary to fulfill billing, payment processing of paper check payments, bank bill pay payments, and ACH automatic payments. Potentially breached information from the AFTS database may have included the following personal information:
For those who pay their statements by mailing a paper check, potentially breached information from the AFTS database may have also included the following:
As part of the ACH automatic payment process, the Port sends AFTS a data file with tenant account numbers, bank routing and account numbers, and amounts. It is unknown at this time whether the scanned copies of checks or the ACH automatic payment data file have been illicitly extricated from the network.
What should I do to protect myself?
Tenants who pay by paper check or ACH automatic payment are encouraged to monitor their bank account for unusual activity and report anything suspicious to their bank right away.
What actions have AFTS and the Port taken to protect my information?
AFTS has hired a forensic company to address the ransomware attack and attempt to retrieve all of its information. AFTS and the Port have also reported the ransomware attack and potential breach of tenant information to the local police and FBI.
Are you cancelling Auto-Pay for now? Should I switch to paper check mailed to office?
No, auto-pay is still available for use.
I haven’t paid my bill yet, what should I do?
This incident impacts Port tenants who pay their statements by check sent in the mail to the AFTS “lockbox”, through their bank bill pay service, or through ACH automatic payment. Checks dropped off at Port offices are not impacted by this potential breach. Until this is resolved, we recommend payment through one of the following methods:
I mailed my check recently and it hasn’t cleared the bank yet. Did the Port get it?
At this time, we are recommending that tenants not re-pay their bill. A delay in processing these payments is expected. No late fees will be implemented for tenants whose payment is delayed past the payment due date as a result of this AFTS incident.
What should I do if someone calls me about my Port statement or account?
If you feel that you are receiving a fraudulent call about your Port of Edmonds account – do not disclose any information and hang up. Call the Port
Administration Office phone number at 425-774-0549 or email firstname.lastname@example.org.
What does AFTS do?
AFTS is located in Seattle, WA and has been a billing service provider to the Port for many years. They print and mail Port statements, as well as receive and process payments from Port tenants.
How can I get more information?
For questions not addressed here, please email email@example.com.