[BreachExchange] Personal information hacked from Carson City online utility payment system
Destry Winant
destry at riskbasedsecurity.com
Thu Feb 13 10:12:53 EST 2020
https://www.nevadaappeal.com/news/carson-city/personal-information-hacked-from-carson-city-online-utility-payment-system/
Hackers managed last fall to access Carson City’s water bill payment
system on the city website, obtaining personal information including
credit card data of some 2,000 customers.
Manager Nancy Paulson said the security breach was through an
unauthorized code inserted into the Click2Gov online payment system
developed by CentralSquare Technologies and placed on the city’s
website. She said the company is working with the city to fix the
problem.
She said the code was designed to capture payment card data and other
information between Aug. 1, 2019 and Sept. 12, 2019. The hackers had
access to names, addresses, email addresses, card numbers, expiration
dates and security codes as well as bank account and routing numbers.
She said the malicious code was immediately removed and they began an
expanded security review with an outside forensics firm specializing
in cyber security to prevent something like this from happening again.
“We are working with CentralSquare to enhance our security protocols
and will be implementing additional security measures to future
safeguard personal information,” Paulson said.
She recommended that those who received the letter notifying them of
the problem, “remain vigilant to the possibility of fraud by reviewing
your payment card statement and bank statements for any unauthorized
charges.”
“You should immediately report any unauthorized charges to your card
issuer because payment card network rules generally provide that
cardholders are not responsible for unauthorized charges reported in a
timely manner,” she said in that letter.
The phone number to call is usually on the back of the credit card.
Paulson said customers with further questions can call 1-844-902-2027
Monday through Friday between 6 a.m. and 3:30 p.m.
More information about the BreachExchange
mailing list