The City of Oxnard has released steps on how to fix a data breach that compromised the personal information of online utility payers and what the City is going in the future to protect that information.
The City says that on May 25, they received a call from a banking institution advising that some of their credit card holders experienced fraudulent purchases on their accounts and these were the same cards used to pay their Oxnard utility bills
The City reported the issue to the Police Department and the city’s online payment vendor, Click2Gov (Superion). The vendor says that a vulnerability in the city’s software may have allowed an unauthorized individual to gain access to the computer used to process credit card transactions. Security patches were applied to the city’s vendor on a new server to eliminate the vulnerability with the thought that the issue was resolved.
However, on May 29 the city’s vendor informed the city that additional security controls were required to secure the system. The city immediately shut down the system so the security controls could be implemented. The notified customers as a precaution, but the vendor’s investigation could not specifically confirm or verify the exact method by which the information was compromised.
The City says anyone who used the City’s Click2Gov payment system between March 26 and May 29 may have been affected. The unauthorized user may have accessed information like customer names, payment card number, and expiration dates. Anyone who pays their utility bills over the phone with the interactive voice response system was not impacted since that is a separate system.
Here is a link to the original Facebook post.