PALM BAY, Fla. — Palm Bay officials are advising customers who pay their utilities online to make sure no fraudulent charges have been made it said after software used by the city was the target of a cyberattack.
- Palm Bay online utilities payment portal hit by data breach
- Officials say it's uncertain how many customers affected
- Software company acknowledges unauthorized access
The software, Click2Gov, is used by the city to accept utility payments. Palm Bay Community Information Coordinator Christina Born said CentralSquare, the company that manages Click2Gov, notified the city about the breach.
“(August) 29th, right before the hurricanes... There may have been some kind of issues, and we sent over our servers and sent it to (Central Square’s) forensic department,” Born said.
According to Palm Bay officials, they were not the only city targeted — seven others were also impacted nationwide.
Palm Bay says it’s uncertain how many of their 8,000 customers who pay their utility bills online were affected by the breach.
Born said that as a precaution, the city created a new server while CentralSquare contacted the customers’ credit companies about potential fraudulent charges.
Four cities in Florida have been hit so far by the cyberattack stealing customers’ payment information.
CentralSquare acknowledged to Spectrum News 13 that "a small number of customers have reported unauthorized access."
Here's the company's full statement:
"Local government and public safety agencies are under constant threat of cyberattack. Protecting our customers and their data is one of our most important goals at CentralSquare.
We have recently received reports that some consumer credit card data may have been accessed by unauthorized or malicious actors on our customers’ servers. It is important to note that these security issues have taken place only in certain towns and cities.
We have immediately conducted an extensive forensic analysis and contacted each and every customer that uses this specific software, and are working diligently with them to keep their systems updated and protected. At this time, only a small number of customers have reported unauthorized access.
For security and confidentiality reasons, we cannot disclose any information about our customers, their environments or their security.
Meanwhile, we continue our efforts in helping our customers to swiftly resolve this matter. We are working closely with forensic security experts and investigative agencies."