The Virgin Islands Water and Power Authority is advising customers who pay their electrical and water bills online to ensure that no questionable or fraudulent charges have been made on their credit or debit card accounts. The advisory comes after a third-party vendor used by the Authority to process credit card payments was the target of an apparent cyberattack.

After a customer reported fraudulent activity on their credit card account following an online payment, WAPA immediately, on October 18, notified its vendor, Central Square Technologies, about the possibility of a data compromise.

Central Square Technologies which has processed WAPA’s online payments for more than a decade without incident, later confirmed the breach, and has since taken steps to prevent reoccurrence. WAPA has a meeting with Central Square Technologies on Wednesday and will provide additional updates. The vendor is in the midst of an investigation on the scope, cause, and remediation of the data breach involving WAPA’s online payment methods.

Executive Director Lawrence J. Kupfer said Tuesday night that as a precaution, WAPA provisioned new servers to avoid reoccurrence. ”WAPA is working with Central Square Technologies to determine the number of customers affected, and the dates that the compromise occurred. Payments made by two other options, self-service kiosks, and pay-by-phone were not affected,” Kupfer said. He encouraged customers to monitor credit card statements for potentially fraudulent activity. “Any suspicious charges should be reported to your bank or credit card provider immediately.

Additionally, WAPA offers several payment options for our customers who wish to use a different payment method.”