Cyber Incident Victim: Lake Worth Utilities
Date:
Aug 2018
Location:
United States of America
Summary
A cybersecurity incident potentially compromised credit card information of utility customers who used an online payment system over a six-week period. The breach impacted individuals who paid bills through the platform, with unauthorized transactions possibly occurring during that timeframe. The utility provider relied on a third-party vendor, later identified as Central Square Technologies, to process digital payments rather than managing transactions internally. While the organization itself didn't directly handle payment data, it notified affected customers about the exposure risk and recommended monitoring financial statements for fraudulent activity. The external payment processor initiated an investigation into the security failure that led to the data exposure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In August 2018, the City of Lake Worth Utilities experienced a security incident affecting customers who used its online credit card payment system. Between August 28 and October 9, 2018, unauthorized parties potentially accessed credit card information processed through the utility's third-party payment portal. The City of Lake Worth Utility Billing Department did not directly manage these online transactions, instead relying on an external vendor responsible for the payment infrastructure. Customers were advised to review their credit card statements for fraudulent activity occurring within this timeframe. The incident was publicly disclosed on October 9, 2018, when local news outlet WPTV reported the potential breach. Subsequent reporting confirmed the involved vendor as Central Square Technologies, provider of the Click2Gov payment platform commonly used by municipal utilities.
The utility responded by alerting customers to monitor their financial accounts while the external vendor launched an investigation into the payment system compromise. No evidence suggested direct intrusion into City of Lake Worth's internal systems, as the breach appeared isolated to the third-party payment processing environment. The City maintained its standard billing operations throughout the incident but emphasized that credit card security fell under the vendor's responsibility. No specific details regarding the number of affected customers or exact data exfiltration methods were disclosed in available reports. The investigation focused on determining the vulnerability's origin and scope within the vendor's payment infrastructure during the six-week exposure window.