12,000 victims of fake payment windows: how hackers attacked the website of a utility company in Texas

4 April 2025 2 minutes Author: Newsman

Residents of Lubbock, Texas, were among the victims of a leak of financial information: attackers injected malicious code into the utility payment website and quietly captured the data of more than 12,000 cards.

The incident ran from December 18, 2024 to January 6, 2025. Users who paid for water, sewage, garbage removal or stormwater services through the City of Lubbock Utilities (COLU) website typed their information not into the site's real fields but into a fake pop-up window created by the scammers.

  • According to the official security breach notifications sent to users, the attackers obtained names, addresses, payment card numbers, CVV codes and expiration dates. The city’s internal systems were not compromised; the vulnerability was at a third-party vendor that hosted the COLU website.
  • While no payments were blocked, customer data ended up in the hands of criminals. The incident was also reported to the Texas State Registry, which has reported 12,503 victims—a number that is likely to grow with reports from other states, including Vermont.

The attack on Lubbock’s online payment system is a stark reminder of the vulnerability of municipal platforms. Even without compromising the underlying infrastructure, attackers can still inflict massive damage by exploiting simple interface elements. It’s a message to local governments across the country that systems that collect funds from the public need to be as secure as banking platforms.
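
One defensive check against the kind of page tampering described above is to compare the scripts on a payment page with an approved baseline. This is an added example, not code from the original article, the city or its vendor; the HTML snapshots, URLs and function names are constructed for illustration, and the regex extraction assumes well-formed script tags.

```javascript
// Added example: script-inventory tamper check for a payment page.
// All HTML below is constructed sample data, not taken from the COLU site.
const { createHash } = require("crypto");

// Fingerprint every <script> in an HTML snapshot:
// external scripts by URL, inline scripts by SHA-256 of their body.
function scriptInventory(html) {
  const inventory = new Set();
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    if (src) {
      inventory.add("src:" + src[1]);
    } else {
      const digest = createHash("sha256").update(m[2].trim()).digest("base64");
      inventory.add("inline:sha256-" + digest);
    }
  }
  return inventory;
}

// Scripts present in the live snapshot but absent from the approved baseline.
// A modified inline script gets a new hash, so it is reported as well.
function unexpectedScripts(baselineHtml, liveHtml) {
  const approved = scriptInventory(baselineHtml);
  return [...scriptInventory(liveHtml)].filter((s) => !approved.has(s));
}

// Constructed baseline: the page as it was reviewed and approved.
const BASELINE = `<html><body>
<form id="pay" action="/pay"><input name="card"></form>
<script src="/static/app.js"></script>
<script>initPaymentForm("pay");</script>
</body></html>`;

// Constructed tampered copy: one extra remote script and one extra inline script.
const TAMPERED = BASELINE.replace(
  "</body>",
  `<script src="https://cdn.example.invalid/overlay.js"></script>
<script>renderOverlay();</script>
</body>`
);

console.log(unexpectedScripts(BASELINE, TAMPERED));
```

Run on a schedule against the live payment page, a non-empty result is the signal to investigate before customers enter card data.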
