Personal information hacked from Carson City online utility payment system


Share this: Email | Facebook | X

Hackers managed last fall to access Carson City’s water bill payment system on the city website, obtaining personal information including credit card data of some 2,000 customers.

Manager Nancy Paulson said the security breach was through an unauthorized code inserted into the Click2Gov online payment system developed by CentralSquare Technologies and placed on the city’s website. She said the company is working with the city to fix the problem.

She said the code was designed to capture payment card data and other information between Aug. 1, 2019 and Sept. 12, 2019. The hackers had access to names, addresses, email addresses, card numbers, expiration dates and security codes as well as bank account and routing numbers.

She said the malicious code was immediately removed and they began an expanded security review with an outside forensics firm specializing in cyber security to prevent something like this from happening again.

“We are working with CentralSquare to enhance our security protocols and will be implementing additional security measures to future safeguard personal information,” Paulson said.

She recommended that those who received the letter notifying them of the problem, “remain vigilant to the possibility of fraud by reviewing your payment card statement and bank statements for any unauthorized charges.”

“You should immediately report any unauthorized charges to your card issuer because payment card network rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner,” she said in that letter.

The phone number to call is usually on the back of the credit card.

Paulson said customers with further questions can call 1-844-902-2027 Monday through Friday between 6 a.m. and 3:30 p.m.

-->

Hackers managed last fall to access Carson City’s water bill payment system on the city website, obtaining personal information including credit card data of some 2,000 customers.

Manager Nancy Paulson said the security breach was through an unauthorized code inserted into the Click2Gov online payment system developed by CentralSquare Technologies and placed on the city’s website. She said the company is working with the city to fix the problem.

She said the code was designed to capture payment card data and other information between Aug. 1, 2019 and Sept. 12, 2019. The hackers had access to names, addresses, email addresses, card numbers, expiration dates and security codes as well as bank account and routing numbers.

She said the malicious code was immediately removed and they began an expanded security review with an outside forensics firm specializing in cyber security to prevent something like this from happening again.

“We are working with CentralSquare to enhance our security protocols and will be implementing additional security measures to future safeguard personal information,” Paulson said.

She recommended that those who received the letter notifying them of the problem, “remain vigilant to the possibility of fraud by reviewing your payment card statement and bank statements for any unauthorized charges.”

“You should immediately report any unauthorized charges to your card issuer because payment card network rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner,” she said in that letter.

The phone number to call is usually on the back of the credit card.

Paulson said customers with further questions can call 1-844-902-2027 Monday through Friday between 6 a.m. and 3:30 p.m.