Ransomware potentially exposed 2,000 Ypsilanti-area utility customers’ bank information

YPSILANTI, MI – A ransomware infection, detected by an employee working the midnight shift in mid-April, may have exposed 2,000 Ypsilanti-area utility customers’ bank payment information to unauthorized individuals.

The Ypsilanti Community Utilities Authority, serving Ypsilanti and surrounding townships, isn’t aware of any reports of identity fraud or improper use of information resulting from the incident, detected on April 16, according to a letter sent this month to affected customers.

“We took a very proactive approach from the very beginning. We’ve brought experts on board, and we followed their guidance,” said YCUA Human Resource Director Debra Kinde.

The person or people behind the network breach potentially obtained files containing customers’ names and bank account and routing numbers used for ACH payments to the water and wastewater service provider, affecting about 8% of the authority’s 25,000 customers, according to Kinde and the letter.

Cybersecurity experts have assured YCUA officials that the information alone should not be sufficient to access the accounts. Kinde said that while legal counsel brought on to assess the situation determined the breach didn’t require notification to customers under the law, YCUA felt it was still important to notify them.

“Better that we take that route than for even one person to be caught unaware,” Kinde said. “We just wanted to be extra-transparent.”

Officials quickly contained the cyberthreat by disabling unauthorized access to their network and started an investigation with the assistance of outside digital forensics professionals, according to Kinde and the notification letter to customers.

The ransomware infection encrypted files stored on the network, and YCUA officials received a demand for payment to access them, with a threat that the information would be released otherwise, Kinde said. Officials were able to restore all encrypted data and did not pay any ransom, she said.

On July 15, the investigation into the incident revealed that data accessible to the unauthorized individual or individuals behind the attack included some customers’ banking information, according to the notice sent to customers.

The letter recommends…