[BreachExchange] City of Tyler's Click2Gov payment system breached
Destry Winant
destry at riskbasedsecurity.com
Mon Sep 10 21:26:03 EDT 2018
http://www.kltv.com/story/39060322/city-of-tylers-click2gov-payment-system-breached
The City of Tyler said that there has been a security breach of their
Click2Gov online payment system.
According to a press release from the city Monday, they were notified
that an unknown third-party was able to gain access to payments made
through the system the City uses to collect payments for utilities and
municipal court fines and fees.
The City said the date range of the breach was between June 18 and
August 21, 2018.
The press release said credit card information for utilities and
municipal court customers who made payments in person may have been
breached as well as those who made one-time payments online.
The City said it is in the process of identifying and contacting
individual customers who may be affected by the breach.
They said payments made with a credit card through the 24-hour kiosk
or over the phone through the IVR payment system were not affected.
The city said personal information affected by the incident includes
payment card information (card number, security code, and expiration
date), first and last name, middle initial, address, city, state and
zip code.
They also said upon notification, the City immediately shut down their
payment connection to Superion, the Click2Gov software provider, and
began working with them to determine if their customers’ information
was compromised. They then implemented additional security measures
designed to prevent a recurrence of such an attack, and to protect
your privacy. The online payment system has been secured and is back
online. They are working closely with law enforcement to ensure the
incident is properly addressed.
The City said customers should review any credit card statements
closely and report any unauthorized charges, no matter how small, to
the card issuer immediately. The phone number to call is usually on
the back of the payment card.
Ask your credit card issuer/bank to deactivate your card and issue a new card.
They also said you should request a fraud alert to be placed on your
credit file. A fraud alert tells creditors to contact you before they
open any new accounts or change your existing accounts. You may call
any of the three major credit bureaus listed in this communication.
As soon as one credit bureau confirms your fraud alert, the others are
notified to place fraud alerts. The initial fraud alert stays on your
credit report for 90 days. You can renew it after 90 days.
You can also file a report refer them to IdentityTheft.gov or IC3.gov.
These are federal reporting sights for computer/on-line crimes.
IdentityTheft.gov will provide you with a case number.
They also said you can request that all three credit reports be sent
to you, free of charge, for your review. Even if you do not find any
suspicious activity on your initial credit reports, the Federal Trade
Commission recommends that you check your credit reports periodically.
Thieves may hold stolen information to use at various times. Check
your credit reports periodically to help spot problems and address
them quickly.
Any vulnerability regarding credit card information would not have
increased the amount of a monthly bill. They encourage customers to
contact them with any concerns at (903-531-1119) or
(helpdesk at tylertexas.com).
The City apologized for any inconveniences or concerns the breach has
caused customers. They said they are taking all necessary steps to
investigate the breach and ensure the most secure online experience
possible for our customers.
More information about the BreachExchange
mailing list