DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

OR: The City of Bend discloses Click2Gov breach

Posted on January 7, 2020 by Dissent

The City of Bend was recently informed that a potential data security incident may have compromised the payment card information of some City utility customers who made one-time utility bill payments or enrolled in auto pay using a credit or debit card between August 30, 2019 and October 14, 2019.

The data that may have been affected could include the cardholder’s name, card billing address, card number, card type, card security code and card expiration date. Other personal information such as Social Security numbers or government-issued identification numbers were not affected by this incident. The City of Bend does not collect that information for utility billing purposes.

City utility customers who signed up for auto pay by credit/debit card or bank drafts before August 30, 2019 or after October 14, 2019, and customers who paid in person or by check, are not affected.

The City learned of the potential security incident from CentralSquare, the third-party vendor that manages and operates the City’s online utility payment portal, known as Click2Gov. CentralSquare determined that malicious code may have been inserted into the Click2Gov software which could have allowed an unauthorized party to copy personal payment card information from customers who logged into the system to make a one-time credit card payment or to enroll in auto pay between August 30, 2019 and October 14, 2019. Existing auto pay customers were not affected.

The City has worked with CentralSquare to remove the malicious code from Click2Gov to ensure that this incident is not ongoing and has implemented additional security measures to help mitigate future risk. This incident involved Click2Gov’s software. It was not due to a vulnerability of the City’s infrastructure, systems, or security.

“Data privacy and security for our customers are high priorities, and we are taking this situation very seriously,” said Chief Innovation Officer Stephanie Betteridge.  “We are doing everything we can to mitigate the situation, serve our customers and protect against future incidents.”

The City is working with CentralSquare, a third-party forensic investigator, outside legal counsel, and local and federal law enforcement to evaluate the nature and scope of the incident. The investigation is ongoing. We are in the process of notifying the individuals who may be affected directly by mail. Letters are expected to be mailed this week.

The City has plans in place to migrate to a new payment processing services provider in the near future.

Customers who made one-time payments or enrolled in auto pay between August 30, 2019 and October 14, 2019 should monitor their financial accounts and promptly report any suspicious activity to their banks. Those customers will also be offered one year of credit and identity-monitoring services at no cost.

Customers who may have questions or would like more information may visit our website at www.bendoregon.gov/data-advisory. We have also established a dedicated call center to address customer concerns, which can be reached at (844) 987-1209 from 8:00 a.m. to 5:00 p.m. Pacific Time, Monday through Friday, excluding holidays.

Source: City of Bend, Oregon.

The Bend Bulletin reports that about 5,000 people may have been impacted.

Related posts:

  • AMI Group – Travel & Tours notice of ransomware attack
  • Madison Square Garden Company Alerts Customers of Payment Card Data Breach
Category: Government SectorMalwareSubcontractorU.S.

Post navigation

← Mercy Health Lorain Hospital Laboratory patients notified of HIPAA breach due to contractor invoice printing error
NM: 2 months after ransomware attack, Las Cruces Public Schools still crippled by limited internet access →

2 thoughts on “OR: The City of Bend discloses Click2Gov breach”

  1. SuzanneW says:
    January 7, 2020 at 8:12 pm

    This breach just never ends.

    1. Dissent says:
      January 8, 2020 at 10:00 am

      I wonder whether Click2Gov should just notify all clients — if they haven’t already — that there’s a good chance that they were hacked between Aug. x and October y and here’s what they should check for in logs, etc…

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.