About 3,000 Fort Worth water customers may have had info stolen in data breach
About 3,000 customers of the Fort Worth Water Department may have had had their information stolen due to a data breach, a department spokeswoman said.
Those impacted would have made a one-time payment for Fort Worth water with a credit card between Aug. 27 and Oct. 23, spokeswoman Mary Gugliuzza said. The data that may be affected includes cardholder’s name, credit card billing address, credit card number, card type, credit card security code (CVV) and card expiration date.
Gugliuzza said the number of people impacted is a relatively small number. Fort Worth Water Department has about 263,000 water accounts.
CentralSquare, the vendor for the software Click2Gov that powers the department’s payment system, determined a breach occurred near the end of October or the beginning of November. Since then, the city and CentralSquare have worked to identify those customers affected by the breach.
Earlier this week, the city sent letters to those whose data may have been stolen. Impacted credit cardholders are being offered one year of free credit monitoring by CentralSquare.
Customers who paid by phone or paid in person were not impacted, Gugliuzza said. Customers who have recurring payments set up with the water department also were not affected unless they logged in and entered a different credit card number between the specified dates.
The breach happened when an unauthorized party inserted code into the software that captured payment information from customers who were logged in during that time frame, Gugliuzza said.
The city removed the code and replaced the entire server immediately. The water department is working to move to a new payment vendor that has enhanced security by March 1.
In September, CentralSquare’s Click2Gov software was breached in eight other cities in five states — Deerfield Beach, Florida; Palm Bay, Florida; Milton, Florida; Coral Springs. Florida; Bakersfield, California; Pocatello, Idaho; Broken Arrow, Oklahoma; and Ames, Iowa; Threat Post reported.
In December 2018, Click2Gov software was breached across the U.S. and Canada and over 300,000 credit card records were compromised, Gemini Advisory reported.
This story was originally published December 5, 2019 at 12:16 PM.
