Posted Date: 07/06/2018
NOTICE OF DATA-SECURITY EVENT
To Users of the Wellington, FL Click2Gov Online-Payment System:
We are writing to inform you about an incident that may have exposed your personal information to unauthorized persons.
It recently came to our attention that an unknown third-party was able to gain access to payments made through the Click2Gov online-payment system we use to collect payments for utilities, building permits, business licenses, and parking tickets. Only one-time payments were affected, whether made by manually entering your information at the time of payment or by using information stored in your Wallet to make the one-time payment. The date range of the incident is November 28, 2017, to June 4, 2018, for one-time utilities payments and March 15, 2018, to June 4, 2018, for one-time payments related to building permits, business licenses, and parking tickets.
WHAT INFORMATION WAS INVOLVED?
Personal information affected by the incident includes payment card information (card number, security code, and expiration date), first and last name, middle initial, address, city, state, and zip code.
WHAT WE ARE DOING.
The Village of Wellington values your privacy and deeply regrets that this incident occurred. We have implemented additional security measures designed to prevent a recurrence of such an attack, and to protect your privacy. We also notified the Palm Beach Sheriff’s Office of the incident and are working closely with law enforcement to ensure the incident is properly addressed.
WHAT YOU CAN DO.
In addition to the steps already taken by us, you can take the following additional precautionary steps to further protect yourself.
• Remain vigilant – We encourage you to remain vigilant by reviewing your account statements and free credit reports.
- If you discover errors or suspicious activity on your credit card account, you should immediately contact the credit-card company and inform them that you have received this letter. Confirm the address they have on file for you is your current address, and that all charges on the account are legitimate.
- To obtain an annual free copy of your credit reports, visit www.annualcreditreport.com or call 1-877-322-8228. Review your credit reports carefully for inquiries from companies you did not contact, accounts you did not open or debts on your accounts that you do not recognize. Also make sure to verify the accuracy of your Social Security number, address(es), complete name, and employer(s) information. If information on a report is incorrect, notify the credit bureau directly using the telephone number on the report. Additional contact information for the major credit bureaus is as follows:
P.O. Box 740241
Atlanta, GA 30374
P.O. Box 2104
Allen, TX 75013
P.O. Box 2000
Chester, PA 19022
• Consider placing a fraud alert or security freeze on your credit file – Credit bureaus have tools you can use to protect your credit, including fraud alerts and security freezes.
- A fraud alert is a cautionary flag, which is placed on your credit file to notify lenders and others that they should take special precautions to ensure your identity before extending credit. Although this may cause some short delay if you are the one applying for credit, it might protect against someone else obtaining credit in your name. Call any one of the three credit reporting agencies at the numbers below to place fraud alerts with all three of the agencies.
- A security freeze is a more dramatic step that will prevent lenders and others from accessing your credit report entirely, which will prevent them from extending credit. Detailed instructions for requesting a security freeze are below.
• Report suspicious activity – If you believe you are the victim of fraud or identity theft, file a police report and get a copy of the report to submit to your creditors and others that may require proof of a crime to clear up your records. The report may also provide you with access to services that are free to identity theft victims.
• Additional Rights – You may have additional rights related to your personal information under the Fair Credit Reporting Act. The Federal Trade Commission summarizes these rights and any steps affected consumers should consider taking on its website: https://www.consumer.ftc.gov/articles/pdf-0096-fair-credit-reporting-act.pdf
• Additional Free Resources on Identity Theft – You may wish to review the tips provided by the Federal Trade Commission on how to avoid identity theft. For more information, please visit http://www.ftc.gov/idtheft or call 1-877-ID-THEFT (877-438-4338). A copy of Identity Theft: A Recovery Plan, a comprehensive guide from the FTC to help you guard against and deal with identity theft, can be found on the FTC's website at https://www.consumer.ftc.gov/articles/pdf-0009_identitytheft_a_recovery_plan.pdf.
For residents of North Carolina: You may also obtain information about preventing and avoiding identity theft from the North Carolina Attorney General’s office, 9001 Mail Service Center, Raleigh, NC 27699-9001, 1-877-566-7226, www.ncdoj.gov.
For residents of Maryland: You may also obtain information about preventing and avoiding identity theft from the Maryland Attorney General’s office, 200 St. Paul Place, 16th Floor, Baltimore, MD 21202, 1-888-743-0023, www.oag.state.md.us/Consumer/index.htm. You can also contact the Maryland Attorney General’s office by sending an email to email@example.com, or calling 410-576-6491.
• Instructions for Requesting a Security Freeze – A security freeze prohibits a credit-reporting agency from releasing any information from a consumer’s credit report without written authorization. However, please be aware that placing a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any requests you make for new loans, credit, mortgages, employment, housing, or other services.
If you have been a victim of identity theft, and you provide the credit-reporting agency with a valid police report, it cannot charge you to place, lift or remove a security freeze. In all other cases, a credit-reporting agency may charge you to place, temporarily lift, or permanently remove a security freeze. The fees vary by state, but may be as high as $15 to place, lift, or remove a security freeze.
To place a security freeze on your credit report, you must send a written request to each of the three major consumer reporting agencies: Equifax (www.equifax.com); Experian (www.experian.com); and TransUnion (www.transunion.com) by regular, certified or overnight mail at the addresses below:
Equifax Security Freeze
Consumer Fraud Division
P.O. Box 740256
Atlanta, GA 30374

Experian Security Freeze
Credit Fraud Center
P.O. Box 1017
Allen, TX 75013

TransUnion Security Freeze
Fraud Victim Assistance Department
P.O. Box 6790
Fullerton, CA 92834

In order to request a security freeze, you will need to provide the following information:
1. Your full name (including middle initial as well as Jr., Sr., II, III, etc.);
2. Social Security Number;
3. Date of birth;
4. If you have moved in the past five (5) years, provide the addresses where you have lived over the prior five years;
5. Proof of current address such as a current utility bill or telephone bill;
6. A legible photocopy of a government-issued identification card (state driver’s license or ID card, military identification, etc.);
7. If you are a victim of identity theft, include a copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft;
8. If you are not a victim of identity theft, include payment by check, money order, or credit card (Visa, MasterCard, American Express or Discover only). Do not send cash through the mail.
The credit-reporting agencies have three (3) business days after receiving your request to place a security freeze on your credit report. The credit bureaus must also send written confirmation to you within five (5) business days and provide you with a unique personal identification number (PIN) or password, or both, that can be used by you to authorize the removal or lifting of the security freeze.
To lift the security freeze in order to allow a specific entity or individual access to your credit report, you must call or send a written request to the credit-reporting agencies by mail and include proper identification (name, address, and social security number) and the PIN number or password provided to you when you placed the security freeze as well as the identities of those entities or individuals you would like to receive your credit report or the specific period of time you want the credit report available. The credit-reporting agencies have three (3) business days after receiving your request to lift the security freeze for those identified entities or for the specified period of time.
To remove the security freeze, you must send a written request to each of the three credit bureaus by mail and include proper identification (name, address, and social security number) and the PIN number or password provided to you when you placed the security freeze. The credit bureaus have three (3) business days after receiving your request to remove the security freeze.
FOR MORE INFORMATION.
Protecting the privacy of your personal information is important to us, and we regret any inconvenience this incident may cause you. Should you have any questions or concerns, please call our customer care center toll free at 800-931-4009 and one of our representatives will be happy to assist you.
Posted Date: 06/26/2018
On June 7th, 2018 the Village of Wellington issued a notice of potential data breach of the Online Water Billing Payment system.
We have taken the necessary steps to investigate the breach and apply patches to secure our online payment systems.
Please be advised that it is safe for customers to use their credit cards to pay bills through our online portal.
Your confidence and trust are important, and the Village apologizes for and deeply regrets any inconvenience or concern this may cause.
Take these steps to reduce the risk of fraud:
- Ask your card issuer to cancel your current card and reissue the card with a new account number. They are not required to do so, and there may be a charge for the replacement card. However, this is especially important if you have used a debit card at the breached entity.
- Carefully monitor all your account transactions.
- If your card issuer offers it, set up text or email alerts of any activity.
- Make sure that your account statements arrive in your mailbox at their normal time. Consider setting up access to online statements, with email notification from the card issuer when your statement is ready for viewing.
- If you become aware of any fraudulent transactions, immediately call your financial institution and follow up by formally disputing the transaction in writing.
- Be suspicious of any email or phone call that you might receive about the breach that requests personal information.
Data Breach of Wellington Online Payment System Update
On June 7th, 2018 the Village of Wellington issued a notice of potential data breach of the Online Water Billing Payment system. We also stated we are taking all necessary steps to investigate the potential breach and will provide updates as additional information becomes available. The following is additional information we have been provided as a result of our continuing investigation.
Sylint Group completed a forensic analysis of the data breach that affected Wellington’s payment system. Please see the following dates and services for specific time frames of possible data breaches.
Data Breach affected dates are November 28, 2017 through June 4, 2018
Utilities payments data breach range from November 28, 2017 through March 30, 2018
Click2Gov payments data breach range from March 30, 2018 through June 4, 2018
Breaches include: any payments made to Building, Code, Utilities, Business Licenses, Parking Tickets, or Planning.
This ONLY applies to credit card payments. Credit card information may have been taken during transactions made during these time frames. This DOES NOT affect credit cards that are kept on file for automatic payments or any payments made by check.
Posted Date: 06/07/2018
Wellington was recently notified about potential unauthorized charges on credit cards used by customers to pay their utility bills. The Village takes the security and protection of its customers’ confidential information seriously.
On June 6, 2018, the Village received a call from our vendor, Superion, notifying us of vulnerabilities in their software. The software problem was with the Click2Gov online payments for utility bills. Credit card information may have been taken during transactions.
The Village immediately shut down our payment connection to Superion and began working with them to determine if our residents’ information was compromised. The forensic analysis is continuing, security patches are being installed and new hardware and software are being installed to eliminate the breach. Even though Superion could not specifically confirm that our customer credit card data has been compromised, the Village decided to notify our customers as a precaution.
What Information Was Involved
What we know right now is that utility bills paid by credit cards between July 2017 and February 2018 may be at risk. The information at risk includes customer names, credit card numbers, and expiration dates. Payments made over the phone were not affected, only payments made online through the Click2Gov portal.
What We Are Doing
We have shut down our link to Superion’s Click2Gov portal. In conjunction with our vendor, we are upgrading software, security protocols and building a new server. Until we have the online payment system secure and working again, Utility or Building Department payments can be made as follows:
• For Utility Billing, call Customer Service at (561) 791-4010
• For Building Dept. payments, call (561) 753-2430
• Call the Interactive Voice Response at (561) 753-2418
• Stop by the Village Hall located at 12300 Forest Hill Blvd. to pay in person
• Use the drop box outside of the Village Hall located at 12300 Forest Hill Blvd. for Utility payments
What Should You Do?
1. Review any credit card statements closely and report any unauthorized charges, no matter how small, to the card issuer immediately. The phone number to call is usually on the back of the payment card.
2. Ask your credit card issuer/bank to deactivate your card and issue a new card.
3. Request a fraud alert to be placed on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. You may call any of the three major credit bureaus listed below. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on your credit report for 90 days. You can renew it after 90 days.
4. Request that all three credit reports be sent to you, free of charge, for your review. Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission recommends that you check your credit reports periodically. Thieves may hold stolen information to use at various times. Check your credit reports periodically to help spot problems and address them quickly.
• Equifax: Equifax.com or 1-800-525-6285
• Experian: Experian.com or 1-888-397-3742
• TransUnion: Transunion.com or 1-800-680-7289
Your confidence and trust are important, and the Village apologizes for and deeply regrets any inconvenience or concern this may cause. We are taking all necessary steps to investigate the potential breach. We will provide updates as additional information becomes available.