The Virgin Islands Water and Power Authority’s continuing work with Central Square Technologies to fully assess the effect of a recent cyberattack on a payment processing application has determined the date range that hackers could have gained access to credit and debit card information.
Additionally, Central Square Technologies has provided WAPA with reasonable assurances that there have been no card compromise incidents since Oct. 25 when the cyber threat was identified and security fixes were applied.
Executive Director Lawrence J. Kupfer said Friday that the payment processor application became compromised on Aug. 30 and remained vulnerable through Oct. 25. WAPA received its initial notification from a customer about a card with suspicious activity after making an online payment on Oct. 18.
On that date, a forensic audit on the system was initiated. The audit, performed by a third party, at that time revealed no signs of malware or compromise. However, after additional reports of compromised cards were received by WAPA, the cyberattack was confirmed on Oct. 25 by Central Square Technologies.
Even as the assessment of the attack continues, WAPA will immediately begin notifying customers by both mailed correspondence and email that the card used to make payment to WAPA may be compromised.
The notification will also include information about credit monitoring services that will be provided by Central Square Technologies as well as a hotline the company will establish to field questions and comments from customers with compromised credit or debit cards.
WAPA urges customers to closely monitor credit card statements for potentially fraudulent activity and to report suspicious or unauthorized charges to the bank or credit card issuer, immediately.