Recology announced this week that a company it contracts with recently suffered a data breach of its King County Customer information.

Recology said that AFTS – the company it contracts with to invoice customers for services, as well as collect payments – was “the victim of a ransomware attack that compromised customer information.”

The company believes that the ransomware attack happened on Thursday, Feb, 4, 2021. AFTS become aware of the data compromise on Friday, Feb. 5, and it informed Recology on Monday, Feb. 8.

This incident may have compromised certain personal information of Recology customers, including names and address as well as payment information such as check images, credit card information, and bank/transit information.

Recology King County residential, commercial and multi-family customers in the Cities of Des Moines, Burien, Bothell, Carnation, Issaquah, Maple Valley, Mercer Island, SeaTac, Shoreline, as well as commercial customers in the City of Seattle may be impacted by this incident.

“Given the nature of the incident, we do not know exactly the type of customer information, and which of it, was potentially impacted,” the company said. “We also do not know if customer information was acquired by the cyber-criminal. The information about our customers that might have been compromised consists of names, contact information, images of checks, and payment card information.”

The Federal Trade Commission recommends that customers should regularly review account statements and monitor free credit reports.

“If you discover any suspicious or unusual activity on your accounts or suspect identity theft or fraud, be sure to report it immediately to your financial institutions” like Equifax, Experian and TransUnion.

AFTS says it has retained a third-party cybersecurity firm to help them investigate the situation. They have also reported the incident to the FBI.

Here’s the full announcement:

Important Notification for Recology King County Customers

We recently learned that the company we contract with to invoice customers for Recology services, and collect payments for those services, AFTS, was the victim of a ransomware attack that compromised customer information.

Given the nature of the incident, we do not know exactly the type of customer information, and which of it, was potentially impacted. We also do not know if customer information was acquired by the cyber-criminal. The information about our customers that might have been compromised consists of names, contact information, images of checks, and payment card information.

We believe that the ransomware activated on Thursday, February 4th. AFTS become aware of the data compromise on Friday, February 5th, and informed Recology on Monday, February 8th.

Recology takes the security of personal information seriously and regrets that this incident occurred. Please review the questions below for more details about the incident and its impact to our customers.

Who is potentially impacted by this incident?
Recology King County residential, commercial and multi-family customers in the Cities of Bothell, Burien, Carnation, Des Moines, Issaquah, Maple Valley, Mercer Island, SeaTac, Shoreline, as well as commercial customers in the City of Seattle may be impacted by this incident.

What are the recommendations to protect customer information?
The Federal Trade Commission recommends that customers should regularly review account statements and monitor free credit reports. If you discover any suspicious or unusual activity on your accounts or suspect identity theft or fraud, be sure to report it immediately to your financial institutions.

You may contact the nationwide credit reporting agencies at:

Equifax
(800) 525-6285
P.O. Box 740241
Atlanta, GA 30374-0241
www.equifax.com
 
Experian
(888) 397-3742
P.O. Box 9701
Allen, TX 75013
www.experian.com
 
TransUnion
Fraud Victim Assistance Division
(800) 916-8800
P.O. Box 2000
Chester, PA 19022
www.transunion.com

What is Recology doing to remedy this issue?
We are working as quickly as possible to determine what kinds of customer data, if any, might have been compromised by the attack. We have notified our municipal partners and will notify the Washington State Attorney General’s Office of this incident.

What is the third-party payment processing company doing?
AFTS has retained a third-party cybersecurity firm to help them investigate the situation. They have also reported the incident to the FBI.

How will this impact my collection service?
Please know that collection service will not be disrupted by this incident, and Recology King County will not issue any late fees for payments missed or delayed by this event.

I am a current Recology customer. What does this mean for me?
This incident may have compromised certain personal information of our customers including names and address as well as payment information such as check images, credit card information, bank/transit information.

The third-party cybersecurity firm retained by AFTS is still in the process of determining the scope and impact of the breach. It is currently unclear which customers and specific data were impacted.

Recology King County is unable to accept online payment for services at this time. We are working diligently to restore our ability to receive and process payments. In the meantime, no late charges will be assessed to customer accounts.

Will I receive collection service if I can’t pay my bill?
Inability to pay during this time will not result in service interruptions or future late fees. Collection service will operate normally. Please continue to place bins out for collection.

How should I pay my next bill?
Customers who want to pay their bills now, rather than waiting for new online payment options, can mail a physical check to Recology King County at the locations listed below. Regardless of your approach, no late charges will be assessed.

Commercial Customers:

Recology
PO Box 35146
LB 1127
Seattle, WA 98124-5146

Residential Customers:
Recology
PO Box 35146
LB 1794
Seattle, WA 98124-5146

When will I be able to pay online or by phone again?
Recology is currently unable to process any payments online or by phone because both options previously relied on AFTS’s payment processing software. We are in the process of investigating alternative options for customer payment. As a reminder, inability to pay during this time will not result in service interruptions or future late fees.

We are working to restore online payment options as soon as possible.

Will my auto pay still be charged?
No. Auto payments will not be charged during this time. As a reminder, inability to pay during this time will not result in service interruptions or future late fees.

I’m a Seattle residential customer, should I be concerned about my information?
Seattle residential customers are billed through Seattle Public Utilities and are not impacted by this incident. Seattle commercial customers are, however, billed through AFTS, and therefore may be impacted by the incident.

Are any other Recology customers impacted by the data breach?
Outside of Recology King County customers, no other Recology locations or customers are impacted by this incident, to our knowledge.

We understand that this is an inconvenience for our customers. We are working hard to ensure that you have answers to any questions.

To contact a representative about this issue, email [email protected].