LATEST: Wellington sending notices to 6,000 potential breach victims


More than 6,000 customers of six village departments soon will receive notices that they may have been affected by a recent data breach.

Wellington is sending 6,125 letters to customers of its building, business license, code, parking ticket, utilities and planning departments, Assistant Village Manager Jim Barnes said. Of that number, not all will have been affected by the breach of the village’s billing vendor, Superion’s Click2Gov system.

“We’ve narrowed it to that,” Barnes said.

WELLINGTON READERS: Sign up for The Post’s weekly newsletter for Wellington news

More customers could be affected, Barnes said, but because of the way certain departments take in billing information, the village has not been able to find valid contact information for those people or businesses. Instead of mailing notices to those customers, Wellington has put a “Data Breach” button on its website and posted a notice Friday repeating information about the breach and who potentially was affected.

On June 6, Superion notified Wellington that the village’s Click2Gov server may have been compromised. Within an hour of that notification, Wellington Chief Information Officer William Silliman ordered the server shut down. Within about 24 hours, Wellington had rebuilt the server with added security and was accepting online payments.

Silliman and a third-party forensic company, the Sylint Group, have been investigating the breach. They determined it affected only those customers who made one-time online payments through Click2Gov to any of the six departments. The utilities department was breached beginning Nov. 28 and the other five departments were breached beginning March 30, with the window for the breach closing June 4, Sylint determined.

RELATED: Wellington’s not alone: Thousands exposed in municipal website breaches

Wellington is not alone. The Post reported last month that at least nine municipalities and a county government have experienced similar Click2Gov breaches. Cities in California, Texas, Arizona and Wisconsin have been affected. Soon after The Post’s report, cities in Texas and Oklahoma also reported breaches of their Click2Gov servers.

Lake Worth’s Click2Gov system also was breached. The city confirmed its utilities customers were exposed from April 3, 2017, to Jan. 22, 2018, making it one of the longer breaches found by The Post.

What to do

Have you been affected by a data breach? Wellington recommends following these steps:

• Review credit card statements and report unauthorized charges, no matter how small.

• Ask your credit card issuer or bank to deactivate your card and issue a new card.

• Request a fraud alert on your credit file. This will tell creditors to contact you before opening new accounts or changing existing accounts.

• Request that credit reports be sent to you, free of charge, for your review. Even if you do not find suspicious activity, the Federal Trade Commission recommends that you check your credit reports periodically. Equifax: Equifax.com or 800-525-6285; Experian: Experian.com or 888-397-3742; TransUnion: Transunion.com or 800-680-7289.

Related breaches

• Lake Worth: April 3, 2017, to Jan. 22, 2018

• Goodyear, Ariz.: June 13, 2017 to May 5, 2018

• Oceanside, Calif.: July 1 t0 Aug. 13, 2017

• Beaumont, Texas: Aug. 1 to Aug. 24, 2017

• Ormond Beach: Aug. 14 to Oct. 4, 2017

• Fon du Lac, Wis.: August to October, 2017

• Wellington: Nov. 28, 2017, to June 4, 2018

• Okaloosa County: December 2017 to March

• Midland, Texas: December 2017 to June

• Thousand Oaks, Calif.: Jan. 4 to Jan. 10

• Midwest City, Okla.: May 25 to June 21

• Oxnard, Calif.: March 26 to May 29, 2017



Reader Comments ...


Next Up in Local

Pistol-whipped drug dealer arrested after bad deal, police say
Pistol-whipped drug dealer arrested after bad deal, police say

Gainesville police arrested two suspected drug dealers Sunday morning, while the buyers who robbed them at gunpoint remained unidentified. After a police investigation, it was determined that Billie A. Carter, 19, and Quade Eubanks, 20, had traveled to Gainesville from Daytona Beach for a drug deal, Gainesville Police Officer Ben Tobias wrote in an...
Florida neighbors can't bear the sight of nude gardener
Florida neighbors can't bear the sight of nude gardener

Adam and Eve may have been naked in the Garden of Eden, but neighbors in a South Florida city are not happy about a nude gardener in their paradise. >> Read more trending news  Residents in a north Stuart neighborhood called the Martin County Sheriff’s Office to complain about a man who does yard work and walks around his property...
EXCLUSIVE: In video, grandmother begs missing Delray woman’s husband not to take baby
EXCLUSIVE: In video, grandmother begs missing Delray woman’s husband not to take baby

A distraught grandmother throws herself on Lewis Bennett in the driveway of the woman's Boca Raton home.  "Don't take my baby. Don't take my baby," Amparo Alvarez sobs in Spanish before staggering away and collapsing. Inside Bennett’s car is the woman’s granddaughter. "You already killed my sister. What else do...
BREAKING: Motorcyclist killed in wreck near West Palm Beach
BREAKING: Motorcyclist killed in wreck near West Palm Beach

A 33-year-old man is dead after crashing his motorcycle late Tuesday on Congress Avenue north of Gun Club Road, the Palm Beach County Sheriff’s Office said. Joseph Hurff Jr. was about 2 miles west of his West Palm Beach home shortly after 9:30 p.m. when he lost control of his 2007 Harley-Davidson Sportster, crossed three lanes of traffic...
More Stories