It was a tough first day Monday for the city of Seattle’s new billing system for utility customers, as more than 3,000 people mistakingly received links allowing them to see other people’s bills, which include names, addresses and utility usage and account numbers, along with their own. Those customers also received redundant notification emails.
As first reported by The Seattle Times and confirmed by GeekWire, the glitch meant 3,041 customers got the link, out of about 30,000 bills sent by mail and electronically Sunday evening and Monday morning. Those were sent out as part of the launch of the city’s new billing system for Seattle City Light and Seattle Public Utilities customers.
The city is investigating exactly how many people clicked on the links, and how many customers’ bills were exposed, City Light spokesman Scott Thomsen told GeekWire. A customer reported the issue at 9:48 a.m., according to a press release from the city, and the system was shut down at 10:30 a.m. The billing system came back online at 6:40 p.m. Monday after the issue was fixed.
Bills do not include social security numbers, bank account numbers or credit card information, so those pieces of data were not exposed. The city says the issue was a result of a technical issue and not a cyberattack or hack.
The new billing system, which City Light and Public Utilities say is necessary to replace an outdated, 15-year-old system that is no longer supported by its vendor, opened a year later than originally expected with an additional cost of $34 million. City staff worked with Oracle and PricewaterhouseCoopers on the billing system. The city says the system will 5.5 million bills annually and collect approximately $1.8 million in annual revenue.
