The city of bend was recently informed that a potential data surety incident may make compromised the payment card info of some City utility customers who made one-time utility invoice payments or enrolled in auto pay using a credit or debit card between August 30, 2019 and october 14, 2019. The data that may have been affected could include the cardholders name, card billing address, card number, card type, card surety code and card expiration date. Other personal info such as Social Security numbers or government-issued identification numbers were not affected by this incident. The city of bend does not collect that information for utility billing purposes. City utility customers who signed up for auto pay by credit/debit card or bank drafts before August 30, 2019 or after October 14, 2019, and customers who paid in mortal or by check, are not affected. The city learned of the potential security incident from CentralSquare, the third-party vendor that manages and operates the Citys online utility payment portal, known as Click2Gov. CentralSquare determined that malicious encrypt may have been inserted into the Click2Gov software which could have allowed an unauthorized party to copy personal defrayal card information from customers who logged into the system to pee a one-time citation card payment or to enroll in auto pay between August 30, 2019 and october 14, 2019. Existing auto pay customers were not affected. The city has worked with CentralSquare to remove the malicious cipher from Click2Gov to ensure that this incident is not ongoing and has implemented additional security measures to help mitigate future risk. This incident involved Click2Govs software. It was not due to a vulnerability of the Citys infrastructure, systems, or security. Data privacy and security for our customers are high priorities, and we are taking this situation very seriously, said Chief innovation Officer Stephanie Betteridge. We are doing everything we can to mitigate the situation, function our customers and protect against future incidents. The city is working with CentralSquare, a third-party forensic investigator, outside legal counsel, and local and federal law enforcement to evaluate the nature and scope of the incident. The investigation is ongoing. We are in the process of notifying the individuals who may be affected directly by mail. Letters are expected to be mailed this week. The City has plans in put to migrate to a new defrayal processing services provider in the near future. Customers who made one-time payments or enrolled in auto pay between August 30, 2019 and October 14, 2019 should monitor their financial accounts and promptly story any suspicious activity to their banks. Those customers will also be offered one twelvemonth of citation and identity-monitoring services at no cost. Customers who may have questions or would like more information may visit our website at www.bendoregon.gov/data-advisory. We have also established a dedicated phone centre to call customer concerns, which canful be reached at (844) 987-1209 from 8:00 a.m. to 5:00 p.m. Pacific Time, monday through Friday, excluding holidays. Source: City of Bend, Oregon. The bend Bulletin reports that about 5,000 people may get been impacted.