BillTrust is a major player in the US financial services sector

They provide a variety of billing and payment processing services for some of the biggest financial institutions in the nation. On October 17th, they suffered a malware attack that brought all of their services to a grinding halt.

Unfortunately, BillTrust (The news section of their website mentions nothing about this incident) did not notify any of their customers about the incident.

Instead, one of their customers, Wittichen Supply Company (WSC), noticed issues with Billtrust's services and posted information about the outage on their company's website. That prompted Billtrust to reach out to them and provide additional information.

WSC's notice reads, in part, as follows

"We were notified late yesterday that BillTrust (our third party vendor for customer invoice and online bill payment) was the subject of a Malware attack.  BillTrust is working with federal law enforcement and cybersecurity firms to investigate and remediate the attack."

BillTrust went on to assure Wittichen Supply Company that none of its customers' data was compromised and that they were working around the clock to restore services. WSC's announcement finally did prompt the company to provide some additional information, which it made available to its customers.

On October 18th, Billtrust posted the following

  • Billtrust Credit (former Credit2B) - up and operational
  • Billtrust eCommerce (Second Phase) - up and operational
  • Billtrust Virtual Card Capture - scheduled to be up and running on Saturday, October 19 with a plan to work through the weekend to begin catching up on backlog.
  • Billtrust Cash Application - Over the next 12-24 hours, we intend to bring Cash Application customers live starting with the processing of lockbox and open balance files.
  • Billtrust Billing & Payments - Billing and Payment websites will be turned on this evening followed by FTP connectivity. We expect card payment processing to resume this evening and ACH processing to resume on Monday, October 21 but will update you if anything changes.
  • Billtrust VueBill - Please contact your account representatives for specific details.

Our perspective

It's good information.  It's just a pity that the company didn't see fit to start providing it until they were forced to do so by one of their own customers.  In any case, if you use Billtrust, be aware.  No further details about the attack have been forthcoming to this point.

 

As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there!"

 

Meanwhile, check out this report

This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them

The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofits firms in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.

Contact me if you would like me to speak at your association.