Lubbock, Texas utility payment site has malicious code injected, compromises financial data of 12K customers
Learn More
The city of Lubbock, Texas is reporting that sensitive financial information of citizens was stolen by hackers who implanted malicious code into the city's utility payment website. This e-skimming attack affected anyone who made utility payments through the compromised site between December 18, 2024, and January 6, 2025.
The attack targeted customers paying bills for water, wastewater, storm water, and solid waste services. Hackers created a fake pop-up window on the City of Lubbock Utilities (COLU) payment website that intercepted payment information.
The stolen data includes:
- Names
- Billing addresses
- Payment card numbers
- CVV security codes
- Card expiration dates
While the city confirmed that all payments made during this period were properly processed and no payments were delayed, the attackers were able to harvest financial information from anyone who entered their details into the fraudulent pop-up window.
According to Texas' state data breach portal, at least 12,503 people in Texas were affected by the breach, though notifications were also filed in several other states including Vermont. The total number of victims nationwide has not been disclosed. For context, Lubbock has a total population of approximately 270,000 people.
The city noted that the payment website is hosted by a third-party vendor. Officials emphasized that the city's internal network was not compromised in the attack.
