Hackers Steal City Utility Customers' Payment Information | Local News | Bend | The Source Weekly - Bend, Oregon
Pin It

Hackers Steal City Utility Customers' Payment Information 

City of Bend announced a major data breach affecting people who paid their utility bills online

The City of Bend announced today that a security breach may have compromised the credit and debit card information of about 5,000 people who paid their City utility bill online.

According to a press release from the City, the security issue will only potentially affect people who enrolled in autopay or who made a one-time utility bill payment between August 30 and October 14, 2019. Autopay customers who enrolled before or after that were not affected, the City's release stated.

click image FLICKR
  • Flickr

Stolen customer data could include the cardholder’s name, card billing address, card number, card type, card security code and expiration data. Social security numbers and government-issued ID numbers were not affected, the City stated.

The City uses the third-party vendor CentralSquare to manage the online utility payment portal, known as Click2Gov. According to its website, CentralSquare, headquartered in Florida, works with public-sector clients to offer the "broadest, smartest and most unified software suite that powers all aspects of managing local government." CentralSquare told the City that malicious code may have been inserted into the Click2Gov software, which may have allowed hackers to steal credit and debit card information from people using the system.

This is not the first time CentralSquare has had a security beach. Its Click2Gov platform has been hacked in dozens of cities across the U.S. beginning in 2017, as first reported by Oregon Public Broadcasting. The Medford Mail Tribune reported that it took the City of Medford five months to alert its 1,824 online utility customers of a breach that first occurred on Feb. 18, 2018. In the Medford case, a forensic investigation company hired by the city determined that hackers were able to gain access to the city's website and capture payment information as it was entered into the Click2Gov system.

Officials at the City of Bend declined to comment when asked about previous Click2Gov incidents in other cities.

City of Bend officials said they worked with CentralSquare to remove the malicious code and ensure that this incident is not ongoing.

An ongoing issue in breaches that have been reported around the county is that city government cyber security systems are sometimes outdated and vulnerable to attack through 3rd party online payment systems.

“This incident involved Click2Gov’s software. It was not due to a vulnerability of the City’s infrastructure, systems or security,” the City’s press release stated.

This City hired outside legal counsel and Sylint, a third-party forensic investigator to evaluate the situation. Local and federal law enforcement will collaborate in an ongoing investigation. They have have also hired Kroll, a cyber security risk-management firm.

"Kroll is providing a number of services to the City, including helping the City comply with its regulatory requirements under Oregon and other state law, offering credit and identity monitoring services to customers who may have been affected, and operating the call center," said Joshua Romero, Communications Manager for the City.

The City will send snail mail notifications to anyone who may have been affected sometime this week. The City plans to move to a new online payment system in the near future. They already had plans in the works to migrate to a new payment provider within the next year, but they may do it early than that because of this incident.

The City has advised customers who made one-time payments or enrolled in autopay between August 30, 2019 and October 14, 2019 to monitor their bank and credit card accounts and report any suspicious charges to their bank. Any customer that may have been affected by the breach will be offered one year of credit and identity monitoring paid for by the City.

Learn more at bendoregon.gov/data-advisory or call 884-987-1209.

Editor's note: This story has been updated from its original version to add more information about CentralSquare. We'll continue to update it as more information becomes available.
Pin It


Subscribe to this thread:

Add a comment

Newsletter Signup

Cascades Reader Logo Cascades Reader

Get your daily dose of news for Central Oregon and beyond, delivered to your inbox five days a week. Powered by the Source Weekly.

Latest in Local News

  • Source Weekly Update Podcast 2/28/20

    • Feb 26, 2020
    Is Bend getting shorted on vacation rental taxes? Plus, the never-ending saga of dredging Mirror Pond More »
  • Mirror of Sand

    • Feb 26, 2020
    As Bend Park and Recreation District and the City of Bend move forward with plans for a fish passage committee for Newport Dam and Mirror Pond, the age-old debate about dredging resurfaces once again. More »
  • R.I.Bee.

    • Feb 26, 2020
    Oregon lost nearly half its honey bee population from 2018 to 2019. Local honey bee experts explain the importance of doing our part to keep bees alive More »
  • More »

More by Laurel Brauns

  • Where Do Marijuana Taxes Go?

    Where Do Marijuana Taxes Go?

    The State has pumped millions into extra funding for schools, mental health and cops
    • Feb 26, 2020
  • Plants Over Pills

    Plants Over Pills

    A growing body of scientific research demonstrates the antidepressant qualities of CBD
    • Feb 26, 2020
  • Mirror of Sand

    Mirror of Sand

    As Bend Park and Recreation District and the City of Bend move forward with plans for a fish passage committee for Newport Dam and Mirror Pond, the age-old debate about dredging resurfaces once again.
    • Feb 26, 2020
  • More »

Readers also liked…

  • The War Wages On

    The War Wages On

    Oregon will have 11 dedicated opioid treatment centers by 2019. Where—as a city, state and as a nation—are we in this raging opioid epidemic?
    • Jul 18, 2018
  • A new Candidate for House District 54

    A new Candidate for House District 54

    Amanda La Bell is running on the Oregon Working Families ballot line
    • Aug 27, 2018

© 2020 LAY IT OUT INC | 704 NW GEORGIA AVE, BEND, OREGON 97703  |   Privacy Policy

Website powered by Foundation