Hackers Steal City Utility Customers' Payment Information | The Source Weekly - Bend, Oregon
Support local, independent journalism in Central Oregon! Become a Source Weekly Insider today.
Pin It

Hackers Steal City Utility Customers' Payment Information 

City of Bend announced a major data breach affecting people who paid their utility bills online

The City of Bend announced today that a security breach may have compromised the credit and debit card information of about 5,000 people who paid their City utility bill online.

According to a press release from the City, the security issue will only potentially affect people who enrolled in autopay or who made a one-time utility bill payment between August 30 and October 14, 2019. Autopay customers who enrolled before or after that were not affected, the City's release stated.

click image FLICKR
  • Flickr

Stolen customer data could include the cardholder’s name, card billing address, card number, card type, card security code and expiration data. Social security numbers and government-issued ID numbers were not affected, the City stated.

The City uses the third-party vendor CentralSquare to manage the online utility payment portal, known as Click2Gov. According to its website, CentralSquare, headquartered in Florida, works with public-sector clients to offer the "broadest, smartest and most unified software suite that powers all aspects of managing local government." CentralSquare told the City that malicious code may have been inserted into the Click2Gov software, which may have allowed hackers to steal credit and debit card information from people using the system.

This is not the first time CentralSquare has had a security beach. Its Click2Gov platform has been hacked in dozens of cities across the U.S. beginning in 2017, as first reported by Oregon Public Broadcasting. The Medford Mail Tribune reported that it took the City of Medford five months to alert its 1,824 online utility customers of a breach that first occurred on Feb. 18, 2018. In the Medford case, a forensic investigation company hired by the city determined that hackers were able to gain access to the city's website and capture payment information as it was entered into the Click2Gov system.

Officials at the City of Bend declined to comment when asked about previous Click2Gov incidents in other cities.

City of Bend officials said they worked with CentralSquare to remove the malicious code and ensure that this incident is not ongoing.

An ongoing issue in breaches that have been reported around the county is that city government cyber security systems are sometimes outdated and vulnerable to attack through 3rd party online payment systems.

“This incident involved Click2Gov’s software. It was not due to a vulnerability of the City’s infrastructure, systems or security,” the City’s press release stated.

This City hired outside legal counsel and Sylint, a third-party forensic investigator to evaluate the situation. Local and federal law enforcement will collaborate in an ongoing investigation. They have have also hired Kroll, a cyber security risk-management firm.

"Kroll is providing a number of services to the City, including helping the City comply with its regulatory requirements under Oregon and other state law, offering credit and identity monitoring services to customers who may have been affected, and operating the call center," said Joshua Romero, Communications Manager for the City.

The City will send snail mail notifications to anyone who may have been affected sometime this week. The City plans to move to a new online payment system in the near future. They already had plans in the works to migrate to a new payment provider within the next year, but they may do it early than that because of this incident.

The City has advised customers who made one-time payments or enrolled in autopay between August 30, 2019 and October 14, 2019 to monitor their bank and credit card accounts and report any suspicious charges to their bank. Any customer that may have been affected by the breach will be offered one year of credit and identity monitoring paid for by the City.

Learn more at bendoregon.gov/data-advisory or call 884-987-1209.

Editor's note: This story has been updated from its original version to add more information about CentralSquare. We'll continue to update it as more information becomes available.
Pin It


Subscribe to this thread:

Add a comment

Readers also liked…

Today | Fri | Sat | Sun | Mon | Tue | Wed

Raider Watch Party with Super Bowl Champ Otis Sistrunk - Pour House Grill

Sun., Dec. 4, 1-4 p.m.
Submitting an event is free and easy.

Newsletter Signup

Get Central Oregon daily news
directly in your inbox

Get Social

Latest in Local News

  • And 'Verk' He Did!

    • Nov 30, 2022
    A tribute to William Smith, 1941-2022 More »
  • Measure 110, Four Months In

    • Nov 30, 2022
    Measure 110 decriminalized recreational possession and funded addiction recovery specialists, who just recently got funding to expand. Advocates says it's too soon to call the effort a success or failure. More »
  • Cranston Sentenced to 10 Years

    • Nov 30, 2022
    The sentence includes over a year of time served, with lesser charges running concurrent to the first-degree manslaughter charge More »
  • More »

More by Laurel Brauns

Want to advertise with us?

For info on print and digital advertising, >> Click Here

© 2022 LAY IT OUT INC | 704 NW GEORGIA AVE, BEND, OREGON 97703  |   Privacy Policy

Website powered by Foundation