[BreachExchange] Rancho Cucamonga-based water district reports data breach

Destry Winant destry at riskbasedsecurity.com
Tue Dec 10 10:03:03 EST 2019


Unauthorized access of a server used to process payments for a San
Bernardino County water utility may have exposed some customers’
billing information to theft, authorities disclosed last week.

Central Square, an outside vendor for the Cucamonga Valley Water
District, reported that a server handling one-time credit card
transactions for the utility had been breached between Aug. 26 and
Oct. 14, CVWD officials said Dec. 4 in a post on the utility website.

Investigators did not immediately find conclusive evidence of data
theft, but it is possible that some payment details may have been

The vendor has enlisted a cybersecurity firm to investigate the matter
and taken steps to prevent further unauthorized access of the
Click2Gov web payment portal used by CVWD and other utility customers,
said the post.

The district’s relationship with Central Square and that firm’s
security protocols were placed under evaluation following reports of
the data breach.

CVWD serves customers in Rancho Cucamonga, Upland, Fontana and
Ontario. The incident did not affect every customer, the utility said.
Those whose personal information may have been compromised will
receive letters directly from the district.

Central Square is also offering a 12-month subscription to a credit
monitoring service, TransUnion, to potential victims. Customers
seeking additional information may contact the district’s customer
service team at 855-654-2893, or an outside firm, Epiq, at

Further details regarding what led up to the breach and any suspects
who might have been responsible were not immediately released.

More information about the BreachExchange mailing list