Automatic Funds Transfer Services Inc.

The Washington State Office of the Attorney General disclosed a **ransomware attack** targeting **Automatic Funds Transfer Services Inc. (AFTS)** on **February 4, 2021**, reported publicly on **March 17, 2021**. The incident compromised the personal and financial data of approximately **695 Washington residents**, exposing sensitive information such as **names, email addresses, and bank account routing details**. The breach stemmed from a malicious cyber intrusion where attackers encrypted AFTS’s systems and exfiltrated customer data, posing significant risks of **financial fraud, identity theft, and unauthorized transactions**. While the full scope of misuse remains undetermined, the exposure of **bank routing information**—a critical component for electronic fund transfers—heightens vulnerabilities for affected individuals. The attack underscores the growing threat of ransomware groups targeting financial service providers to exploit payment processing infrastructure. AFTS, a company specializing in **automated payment and fund transfer solutions**, faced operational disruptions and reputational damage due to the breach. The incident also triggered regulatory scrutiny, with the Attorney General’s office likely mandating corrective measures, including **customer notifications, credit monitoring services, and enhanced cybersecurity protocols** to mitigate future risks. The breach serves as a stark reminder of the escalating sophistication of ransomware attacks in compromising third-party financial processors.

Source: https://www.atg.wa.gov/data-breach-notifications | https://data.wa.gov/resource/sb4j-ca4h.json?id=10427

TPRM report: https://www.rankiteo.com/company/afts

"id": "aft041091825",
"linkid": "afts",
"type": "Ransomware",
"date": "2/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'customers_affected': 695,
                        'name': 'Automatic Funds Transfer Services Inc. (AFTS)',
                        'type': 'company'}],
 'data_breach': {'number_of_records_exposed': 695,
                 'personally_identifiable_information': ['names',
                                                         'email addresses',
                                                         'bank account routing '
                                                         'information'],
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': ['personally identifiable '
                                              'information (PII)',
                                              'financial data']},
 'date_detected': '2021-02-04',
 'date_publicly_disclosed': '2021-03-17',
 'description': 'The Washington State Office of the Attorney General reported '
                'a data breach involving Automatic Funds Transfer Services '
                'Inc. (AFTS) on March 17, 2021. The breach was caused by a '
                'ransomware attack on February 4, 2021, affecting '
                'approximately 695 Washington residents by potentially '
                'exposing their names, email addresses, and bank account '
                'routing information.',
 'impact': {'data_compromised': ['names',
                                 'email addresses',
                                 'bank account routing information'],
            'identity_theft_risk': 'potential',
            'payment_information_risk': 'potential'},
 'references': [{'date_accessed': '2021-03-17',
                 'source': 'Washington State Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Washington State '
                                                        'Office of the '
                                                        'Attorney General']},
 'title': 'Data Breach at Automatic Funds Transfer Services Inc. (AFTS) Due to '
          'Ransomware Attack',
 'type': 'ransomware'}