Cyber Incident Victim: City of Wellington
Date:
Jul 2017
Location:
United States of America
Summary
A cybersecurity breach targeting the City of Wellington initially involved cryptocurrency mining but later expanded to include a sophisticated credit card skimming operation. The compromise affected multiple municipal departments, exposing debit and credit card numbers from one-time payments made to utility services, code enforcement, building permits, business licensing, parking tickets, and planning divisions over an extended period. The incident's scope was broader than first disclosed, with additional vulnerabilities identified during subsequent server assessments.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The City of Wellington, Florida, experienced a cybersecurity breach that began in July 2017 and persisted until early June 2018. Attackers initially compromised the village's systems to mine Bitcoin, leveraging unauthorized access to computational resources for cryptocurrency generation. During this period, the intrusion evolved to include a sophisticated credit card skimming operation designed to capture payment card data. The breach primarily impacted individuals who made one-time debit or credit card payments through Wellington's municipal systems. Initial public notifications in late May or early June 2018 warned utility customers about potential card number theft from transactions processed between July 2017 and June 2018.
Subsequent investigation revealed the breach's scope extended beyond utility payments. Chief Information Officer William Silliman confirmed through further server analysis that additional municipal departments were compromised, including code enforcement, building permits, business licensing, parking ticket processing, and planning department transactions. The skimming operation specifically targeted one-time card payments across these services, exposing more individuals than initially disclosed. No evidence suggested recurring payment systems or stored card data were affected. The village issued updated breach notifications as the full extent became clear, though specific numbers of affected individuals and forensic methodology details weren't publicly released in the available reporting.