HomeImpactEmergency InformationAFTS Inc., Data Security Issue
UPDATED 4/9/21
As an update to our previous posting, the Alderwood Water & Wastewater District (the District) received an executive summary of the forensic investigation that AFTS’ outside cybersecurity vendor conducted in response to the ransomware incident that AFTS experienced on February 4, 2021. Based on the contents of that executive summary and based on separate representations made to the District by AFTS, we are pleased to report that the District data AFTS had in its possession during the ransomware attack was not impacted by the incident. Specifically, the District data was not among the data exfiltrated by the ransomware threat actor.
According to AFTS, as described in its executive summary, after noticing suspicious activity on its systems on February 4, 2021, AFTS launched an investigation to determine the nature and scope of the suspicious activities. Working with outside cybersecurity specialists, AFTS determined that an unknown actor accessed the AFTS network and removed certain data from the network (i.e., a practice referred to as “exfiltration” of data).
AFTS undertook a comprehensive and time-intensive review of all files that could have been impacted to determine whether personal information was present in the files. AFTS determined, as a result of its investigation, that information potentially accessed by the threat actor only contained personal information from a small portion of customers and did not include the following information: social security numbers, dates of birth, driver’s license numbers, state ID numbers, credit card numbers, mailing addresses, check images, signatures, or authentication files from any of AFTS’ statement printing, check processing, or Lockbox customers. Also, there is currently no evidence of the misuse of any information potentially involved in this incident.
Since the incident, AFTS has retained a new IT Managed Service Provider, installed new server hardware, implemented multi-factor authentication logins, network endpoint detection monitoring, and firewall changes to manage the AFTS network. Further, AFTS has reported this incident to law enforcement.
The District takes its role of safeguarding personal information very seriously and we continue to discuss additional measures to ensure the highest level of security for personal information. For questions, please contact Jeremy Walker at 206-485-1183 or email us at aftsquestions@awwd.com.
