PORT ANGELES — Late fees and delinquency notices have been suspended for city utility ratepayers until further notice while city officials figure out if a data breach of the city’s computer system occurred, and if so, how it happened and how many customers’ credit cards were compromised.
City Manager Dan McKeen announced the late-fee suspension during an update at Tuesday night’s City Council meeting.
City officials began looking into the possible breach July 24 after receiving numerous complaints from credit-card-paying utility ratepayers who were victimized by unauthorized use of their credit cards, including one ratepayer whose card was used only for city utility bills.
“This appears to be someone entering the system and mining, someone who obtained information that had later been used to compromise credit cards,” McKeen said Wednesday.
“If that occurred, we still need to verify it, and how it occurred, we still don’t know.”
McKeen said Wednesday a forensics investigation into the possible breach should determine how many customers were affected and how far back the compromise goes.
That effort could cost $70,000, of which $25,000 would be covered by the city as a deductible and the remainder covered by insurance.
The costs overall to investigate and correct the problem will reach higher than that, McKeen predicted.
“It will depend in large part on how many people were affected,” he said.
McKeen did not know how long the investigation will last.
Only cash and checks are being accepted for utility bill payments.
“We should be able to accept over-the-counter credit cards next week,” he said.
The possible breach came to light when a foreign file was discovered on a city server after customers began notifying the city by email of credit card irregularities on Sunday, July 23.
City officials received 20 reports through July 25 of unauthorized credit card payments that customers believed could be related to their city utility payments.
City notices warning customers of the possible breach were mailed July 25 to the city’s 9,400 rate-paying customers.
The FBI and state Attorney General’s Office were notified as required, acting Finance Director Tess Agesson said Wednesday.
The city upgraded its servers about six months ago, McKeen said.
Pacific Science Center, Washington State University, Metro Parks Tacoma and the Seattle Housing Authority had “similar problems” from May 4-July 10, McKeen said in his presentation to the council.
Residents should call 360-417-4600 with questions related to the late-fee suspension and other credit-card-payment issues.
________
Senior Staff Writer Paul Gottlieb can be reached at 360-452-2345, ext. 55650, or at pgottlieb@peninsuladailynews.com.