Another Click2Gov breach, this time affecting up to 2400 residents of the City of Bakersfield. The city’s statement, below, doesn’t indicate whether they were ever warned by CentralSquare Technologies, and if so, what they had done in response.
DataBreaches.net has filed under freedom of information to try to obtain more records showing what CST had told the city and when.
Notice to Individuals Regarding Privacy Incident Involving the City of Bakersfield
NOTICE OF DATA BREACH
The City of Bakersfield (“Bakersfield”) values the relationship it has with its customers and understands the importance of protecting their information. This notice relates to information of some of its customers.
What Happened
After receiving reports that fraudulent activity was detected on payment cards used legitimately on our website, Bakersfield immediately launched an investigation. Through our investigation, we determined that an unauthorized party had inserted unauthorized code into Bakersfield’s online payment system, Click2Gov, which is developed by its third-party vendor, CentralSquare Technologies (“CentralSquare”). The unauthorized code was designed to capture payment card data and other information entered on Bakersfield’s Click2Gov online payment system between the dates of August 11, 2018 and October 1, 2018. Upon learning of the unauthorized code, Bakersfield began working with CentralSquare to remove the unauthorized code from our website’s Click2Gov online payment system.
What Information Was Involved
The information entered on the Click2Gov online payment system on Bakersfield’s website includes name, address, email address, payment card number, expiration date, and card security code (CVV).
What We Are Doing
Upon learning of the incident, Bakersfield worked swiftly to address the issue by immediately removing the malicious code from the Click2Gov online payment system on our website and initiating an expanded security review with CentralSquare. To prevent another incident, we are enhancing our existing security protocols and re-educating our vendors on the importance of protecting personal information. Bakersfield also contacted law enforcement and is continuing to support law enforcement’s investigation.
What You Can Do
We remind you to remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized charges. You should immediately report any unauthorized charges to your card issuer because payment card network rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner. The phone number to call is usually on the back of your payment card. Bakersfield will begin mailing letters to the potentially affected individuals on November 12, 2018, and Bakersfield has established a dedicated call center to answer any questions. If you believe you may be affected by this incident but did not receive a letter by November 26, 2018, call (888) 278-8028 Monday through Friday, between 9:00 a.m and 6:00 p.m., Pacific Time.
ADDITIONAL STEPS YOU CAN TAKE
The City of Bakersfield recommends that you remain vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity. You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies. To orderyour annual free credit report, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting companies is as follows:
Equifax, PO Box 740241, Atlanta, GA 30374, www.equifax.com, 1-800-685-1111
Experian, PO Box 2002, Allen, TX 75013, www.experian.com, 1-888-397-3742
TransUnion, PO Box 2000, Chester, PA 19016, www.transunion.com, 1-800-916-8800
If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in yourstate. You can obtain information from these sources about steps an individual can take to avoid identity theft as well as information about fraud alerts and security freezes. You should also contact your local law enforcement authorities and file a police report. Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. Contact information for the Federal Trade Commission is as follows:
Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW Washington, DC20580, www.ftc.gov/idtheft, 1-877-IDTHEFT (438-4338)