The Virgin Islands Water and Power Authority (WAPA) is advising customers who pay their electrical and water bills online to ensure that no questionable or fraudulent charges have been made on their credit or debit card accounts. The advisory comes after a third-party vendor used by WAPA to process credit card payments was the target of an apparent cyberattack.
On Oct. 18, after a customer reported fraudulent activity on a credit card account following an online payment, WAPA immediately notified its vendor, Central Square Technologies, about the possibility of a data compromise.
Central Square Technologies, which has processed WAPA’s online payments for more than a decade without incident, later confirmed the breach, and it has since taken steps to prevent a reoccurrence. WAPA has a meeting with Central Square Technologies on Wednesday and will provide additional updates. The vendor is in the midst of an investigation on the scope, cause and remediation of the data breach involving WAPA’s online payment methods.
Executive Director Lawrence Kupfer said Tuesday night that as a precaution, WAPA provisioned new servers to avoid reoccurrence.
“WAPA is working with Central Square Technologies to determine the number of customers affected, and the dates that the compromise occurred. Payments made by two other options, self-service kiosks, and pay-by-phone were not affected,” Kupfer said.
He encouraged customers to monitor credit card statements for potentially fraudulent activity. “Any suspicious charges should be reported to your bank or credit card provider immediately.”
Additionally, WAPA offers several payment options for its customers who wish to use a different payment method.