Cyber Incident Victim: Lewes Board of Public Works

On May 29, 2019, the Lewes Board of Public Works (BPW) notified customers of a potential compromise of their personal information following a hacking attempt targeting its customer information system. Federal and state agencies alerted the utility provider to the possible breach, which specifically affected its automatic payment processing infrastructure. The incident exposed sensitive customer data, including names, email addresses, and financial account information such as credit card or debit card details. While the organization confirmed unauthorized access to its systems, it stated no evidence of actual misuse of the compromised information had been identified at the time of notification. The breach notification was distributed directly to customers via formal correspondence on the discovery date, indicating prompt disclosure upon receiving external agency alerts.

The Lewes BPW's response centered on customer transparency and fraud prevention guidance. In its mailed statement, the organization advised potentially affected individuals to monitor their financial accounts for suspicious activity, though it did not specify whether it offered credit monitoring services or other remediation measures. The incident exclusively impacted customers enrolled in automatic payment systems, though the total number of affected individuals remained undisclosed. No operational disruptions to utility services were reported as a consequence of the breach. The utility provider emphasized ongoing coordination with law enforcement agencies but did not publicly disclose technical details regarding the attack methodology, system vulnerabilities exploited, or containment measures implemented post-incident.