Unfortunately, the company did not notify any of their customers about the incident.
Instead, one of their customers, Wittichen Supply Company, noticed issues with Billtrust’s services and posted information about the outage on their company’s website. That prompted Billtrust to reach out to them and provide additional information.
Wittichen’s notice reads, in part, as follows:
“We were notified late yesterday that BillTrust (our third party vendor for customer invoice and online bill payment) was the subject of a Malware attack. BillTrust is working with federal law enforcement and cyber security firms to investigate and remediate the attack.”
BillTrust went on to assure Wittichen Supply Company that none of its customers’ data was compromised and that they were working around the clock to restore services. Wittichen’s announcement finally did prompt the company to provide some additional information, which it made available to its customers.
On October 18th, Billtrust posted the following overview of their services and their operational status:
- Billtrust Credit (former Credit2B) – up and operational
- Billtrust eCommerce (Second Phase) – up and operational
- Billtrust Virtual Card Capture – scheduled to be up and running on Saturday, October 19 with a plan to work through the weekend to begin catching up on back log.
- Billtrust Cash Application – Over the next 12-24 hours, we intend to bring Cash Application customers live starting with processing of lockbox and open balance files.
- Billtrust Billing & Payments – Billing and Payment websites will be turned on this evening followed by FTP connectivity. We expect card payment processing to resume this evening and ACH processing to resume on Monday, October 21 but will update you if anything changes.
- Billtrust VueBill – Please contact your account representatives for specific details.
It’s good information. It’s just a pity that the company didn’t see fit to start providing it until they were forced to do so by one of their own customers. In any case, if you use Billtrust, be aware. No further details about the attack have been forthcoming to this point.