Notice of Data-Security Event
On June 6, 2018, the Village of Wellington received notice from its vendor, Superion, of a potential software vulnerability related to the Click2Gov online-payment system the Village uses to collect payments for utilities, building permits, business licenses, and parking tickets. Although the Village had applied all updates and patches recommended by Superion, the updates did not address this specific vulnerability. An unknown third party exploited the vulnerability to gain access to certain one-time payments made through the Click2Gov online-payment system.
In response, the Village immediately shut down the server at issue and built a new server that eliminated the vulnerability. When the Village learned of the potential incident on June 6, it promptly released the information on its social media pages and website, and through press releases to the media. In addition to promptly releasing information, the Village notified the Palm Beach Sheriff’s Office of the incident and engaged a leading independent forensic firm to review and analyze the incident. The forensic firm’s analysis required the review of a significant amount of system data. This analysis was needed to confirm that the hacker had actually accessed individuals’ information and to identify the time period over which the incident occurred, so as not to unnecessarily alarm unaffected individuals. The Village thereafter formally notified potentially affected individuals as soon as it was able to identify who those individuals might be.
Personal information affected by the incident includes payment card information (card number, security code, and expiration date), first and last name, middle initial, address, city, state, and zip code. The date range of the incident is November 28, 2017, to June 4, 2018, for one-time utilities payments and March 15, 2018, to June 4, 2018, for one-time payments related to building permits, business licenses, and parking tickets.
The Village of Wellington values the privacy of its residents and the users of its website, and deeply regrets that this incident occurred. The Village has taken the necessary steps to secure the system, and it is now safe for customers to use their credit cards to pay bills online.
Individuals who have used the Click2Gov system to make online payments to the Village during the relevant time frames should consider the following steps to protect their information:
- Remain vigilant – Review account statements and free credit reports on a regular basis. Immediately contact your credit-card company if you discover errors or suspicious activity.
- Consider placing a fraud alert or security freeze on your credit file – Credit bureaus have tools to help protect your credit, including fraud alerts and security freezes.
- Report suspicious activity – If you believe you are the victim of fraud or identity theft, file a police report and get a copy of the report to submit to your creditors and others that may require proof of a crime to clear up your records. You also should promptly report any fraudulent activity or any suspected incidence of identity theft to your state attorney general and/or the Federal Trade Commission.
- Additional Free Resources on Identity Theft – The Federal Trade Commission has a wide variety of resources on identity theft and how to protect your information. Visit www.ftc.gov/idtheft for more information.
If you have further questions, please contact our customer care center toll free at 800-931-4009.
As another way to stay informed on the latest news and updates from the Village, residents are invited to sign up for Wellington information and updates at www.wellingtonfl.gov/enews.
For information about other Wellington programs, events, activities, and updates, please visit www.wellingtonfl.gov or watch WellingtonTV for the latest happenings.