Greenwood Commissioners of Public Works’ online bill pay suffered a data breach this week, but personal data was largely not compromised, officials said Friday.
At 3:30 a.m. Wednesday, foreign hackers accessed CPW’s online customer portal, the utility said in a release.
The hackers were able to see a data table that contained email addresses, CPW customer and account numbers, and passwords.
However, officials said no personal identifying information, such as social security and driver’s license numbers, credit card information and addresses, was compromised.
“CPW, like most businesses in today’s digital world, has a variety of attacks daily that are successfully blocked by our multiple levels of protection,” the release said. “The security of our systems and your personal data has always been a top priority for CPW. We are continually looking for new methods to increase our security.”
The hackers used ransomware and demanded CPW pay via bitcoin. Instead, the utility disabled portal access and took related systems offline.
“We engaged multiple computer security experts and increased protection of the server,” the release said. “Additional steps were taken to further harden our firewalls and intrusion protection systems. These experts are confident that this breach cannot happen again and that CPW protection systems are very strong.”
CPW has disabled all current user IDs and passwords. When customers next connect to the online billing portal, they will be asked to re-register. The utility urges customers to use a different password for their CPW accounts, as well for other accounts that are using the same password.
“We regret this incident happened and apologize for any inconvenience this has caused our customers,” the release said.