[BreachExchange] Oceanside investigating possible data theft on bill-paying website

[Destry Winant]

http://www.sandiegouniontribune.com/communities/north-county/sd-no-oceanside-fraud-20170823-story.html

The city of Oceanside has shut down its online bill-paying system for
utility customers while it investigates a possible data breach of
customers’ account and credit card information.

Twenty-five residents who recently paid their water, sewer or trash
bills through the city’s online portal contacted the city on Aug. 13
to report unauthorized charges on the credit cards they used to set up
their city accounts. To prevent any further problems, the city shut
down the service immediately, said Jane McPherson, Oceanside’s
financial services director.

The city is now investigating the potential breach and is working with
the FBI and other agencies to assess the size and the content of the
possible data theft, McPherson said.

“We’re in discovery mode right now,” she said. “We wanted to make sure
we took every effort to protect our customers and citizens. We have a
myriad dof people checking every single thing. Until we’re sure, we
can’t guess how many people have been affected. As more information
comes in we will make it available to everyone.”

Utility customers who used the online service have been contacted and
asked to check their credit cards and accounts if they used a card to
pay one of their utility bills between July 1 and Aug. 13.

Affected customers are advised to check their credit card accounts for
unauthorized charges, no matter how small, and to report them to the
credit card issuer or bank. They should also request a new card be
issued.

If the customer sees a suspicious charge, they should file a a crime
report with the Oceanside Police Department, which will request at
least two months of credit card statements highlighting the fraudulent
activity. Contact Police Det. Bob Moore at (760) 435-4435 or Sgt. John
McKean at (760) 435-4861.

Customers who have spotted suspicious charges should also place a
fraud alert on their credit file, which will remain in place for 90
days. The three agencies that compile credit reports are: Equifax
(800) 525-6285; Experian (888) 397-3742; and TransUnion (800)
680-7289.

The city of Oceanside is also manning a customer care service line at
(760) 435-4500. McPherson said call activity has been high, but the
staff has been working hard to return every call within a day.

In the meantime, customers who still want the option of paying their
utility bills by card can use an Express Pay option, which is not
connected with the vendor that processed utility payments July 1-Aug.
13. Express Pay can be found at the very bottom of the online payments
page on the city website at: ci.oceanside.ca.us/services/payment.asp.

“We’re sure it’s safe to use and it’s not affected by the breach in
any other systems,” McPherson said. “We’re working hard on this and we
want our customers to know we’ll work with them to make sure their
payments get posted.”