A reported ransomware attack on a Seattle-based payments processing company is being closely monitored by at least 11 local customers, including the cities of Seattle and Kirkland and a recycling firm operating in King County.

Automatic Funds Transfer Services (AFTS), which provides payment processing, billing, mailing and other services for municipal utilities and other customers, was hit by a so-called ransomware attack Feb. 3-4, according to media reports and statements by AFTS customers.

Among those potentially affected by the attack are cities of Seattle, Kirkland, Lynnwood, Monroe, Redmond, Puyallup; Skagit Public Utility District; the Port of Everett; the Lakewood Water District and the Alderwood Water & Wastewater District; and the recycling firm Recology King County. The California Department of Motor Vehicles also announced it had been affected by the attack.

Ransomware attackers typically break into victims’ data systems and threaten to sell or lock the data unless victims pay a ransom.

The full extent of the AFTS attack, reportedly carried out by a criminal organization called “Cuba,” isn’t yet publicly known. AFTS did not respond to phone calls or emails Saturday, and its website indicates its services are “unavailable due to technical issues.”

Some affected customers, including the cities of Lynnwood and Puyallup, assured customers that AFTS didn’t have access to customers’ Social Security numbers or other sensitive personal data.


Others, including the city of Monroe, the Lakewood Water District, and Skagit PUD, said AFTS stored scanned images of customers’ checks, which include banking and routing information.

Recology King County, which has customers in Bothell, Burien, Carnation, Des Moines, Issaquah, Maple Valley, Mercer Island, SeaTac, Shoreline and Seattle, also acknowledged that “compromised” customer information could include “images of checks, and payment card information.”

Recology King County will update customers as it gets additional information and is “lining up resources for our customers like identity monitoring,” said General Manager Kevin Kelly.

According to a notice posted by the city of Puyallup, AFTS has “hired a forensic company to address the ransomware attack and is attempting to retrieve all its information, and has reported the ransomware attack and potential breach of customer information to the police and FBI.”

The Seattle office of the FBI did not respond Saturday to a request for information.

According to the tech website BleepingComputer, the AFTS attack was carried out by a “cybercrime operation” calling itself “Cuba Ransomware,” whose website boasts that it “contains information about companies that did not want to cooperate with us. Part of the information is for sale and part is freely available. Have fun.” 

The attack also disrupted billing operations at several organizations, including the city of Redmond, which said utility customers “should expect this month’s invoice to look slightly different, as it will be manually printed and distributed by City staff.”