Tallahassee Reports has learned that the vendor used by the City of Tallahassee to process utility payments has discovered evidence of unauthorized access to their network. The breach was discovered on November 10th.
In letters sent by TIO Networks to City utility customers, the company said the breach reached locations in the network that housed personal data. TIO Networks is owned by PayPal.
The letters, which began hitting mail boxes this week, stated “although we have no proof that your data was accessed, acquired, or misused, we are notifying you in an abundance of caution because the TIO servers involved in this incident stored data such as customer names, contact information, and account numbers.”
The TIO system also stored credit card information, social security numbers, and bank account information.
The evidence indicates the earliest possible date of intrusion goes back to at least 2014.
The letter provides customers with access codes to receive one year of complimentary identity protection that includes credit monitoring and encourages people with online accounts with TIO to reset passwords.
Also, there appears to be no communication from the City of Tallahassee acknowledging the data breach and the possible impact on the personal information of utility customers.
The non-descript envelope containing the letter about the data breach could easily be ignored by recipients. There is no marking to draw attention to the nature of the letter.
In contrast, on December 12th, the Public Service Enterprise Group (PSEG), a utility headquartered in Newark, New Jersey issued a company press release notifying local media and customers about the data breach.
The press release, in part, said:
PayPal notified PSE&G that there was unauthorized access to TIO Networks’ system that stores customer information. TIO Networks processed payments made at automated kiosks in PSE&G’s walk-in customer service centers between 2012 and 2017. TIO Networks also facilitated payments PSE&G customers made at third-party payment centers, such as local convenience stores, that accept utility bill payments.
When the COT isn’t busy being corrupt, they’re busy being incompetent, negligent, or just taking a paycheck for doing nothing. This incident is no different in how it’s been managed – if there’s a wrong or deceitful way to handle any issue, the COT will find it.
But, hey, we can spend money on our very own City of Tallahassee television station. Channel 13, WCOT.
Florida has one of the strongest identity protection statutes in the country and it does apply to gov’t entities. COT was required by law to make sure that its customers were notified given that the breach involved ss#s, credit cards etc. Law enforcement had to be involved as well. Because it was the action of a third party vendor, the vendor is mostly on the hook. Now take the recent state audit of the school district which found that bus drivers, paraprofessionals and hundreds of others had access to the personal data of thousands of students (including ss #s). None of those students have been told that their data could have been compromised and it is doubtful any law enforcement was asked to look into it. Furthermore, its unclear if the data has even been secured at this point. Why aren’t we hearing more about this?
May be that City and School Board are following the advise of their legal advisor, the Ausley Law Firm. Seems strange that both the City and School Board are under investigation by the FBI and the citizens cannot get any answers.
I call on the rest of the commissioners to follow Nancy Miller’s lead at this time, and just slink away from public life, while you still have a shred of an employable image left.
This means you too Gilbert Ziffer. Just focus on your FL League of Cities full time job, quit your foolish political ambitions in Tallahassee, and pray you are not already so soiled that the FL League of Cities tells you to step down.
Oh and you can keep your $100,000.00 sidewalk scam money as a parting gift.
You could always vote Rick Minor into the commission (:
Shouldn’t the COT agency lead on this issue be Police and Federal identity theft? As in the division that Cynthia Barber is suppose to be over-seeing – [with apparently no qualifications (along with fire, Consolidated Dispatch, Emergency Response) also with no qualifications in those areas] when promoted by Rick Fernandez. So plan on nothing happening aside from attempts at damage control.
Making this security breach a COT marketing issue or a communication issue or a utility division issue – to inform customers – by circulating non-descript junk mail addresses this issue? Not. Making it a COT Computer and IT issue – after the fact – addresses the issue? Not.
This is just another symptom of a system run amok and the spin masters trying to do damage control and down play the severity and implications of a botched system.
So how does a COT utility customer find out if they are on the stolen-identity or security breached list? How did this happen, when and what time period, who/what caused the issue, who was over the programs responsible for this, any accountability for this issue – how about some info Mr. Goad and Commissioners? No relationship to the solar contract award – aside from the timing – correct?
I wonder if the Governor or perhaps any local Federal Law Enforcement folks data was breached at this time?
Spot on Major. Do not forget most of our Honorable Florida Legislature and ALL of their Tallahassee based staff maintain utility accounts with COT and are well aware of the local government’s corruption. But they too prefer to look the other way.
Wake up Honorable Florida Legislature you can really have a positive effect on ALL corrupt local governments in FLORIDA if you make some noise and take a stand here in Tallahassee.
And don’t worry about that Foot-draging Bureau of Investigation ongoing thing. The FBI plans on making a career out of Tallahassee. Much like their God Muller chasing fake news collusion and non-existent goblins up there in D.C.