The incident could have affected about 3,000 credit card holders who made one-time online payments to the city between Aug. 27 and Oct. 23, according to a city news release. Credit card information that could have been stolen includes cardholder name, billing address, credit card number, security code and expiration date.
Customers who set up recurring payments by credit card will not be impacted unless they logged in and entered a different credit card number between those dates, according a news release. Customers who paid by phone or in person also will not be impacted.
“We’re not happy this happened, but we’re trying to do everything we can to keep this from being a recurring situation,” said Mary Gugliuzza, media relations director for the water department.
The city was made aware of the incident after receiving a notification from CentralSquare, Fort Worth’s vendor for Click2Gov software, which powers the water department’s online payment system.
The vendor determined that an unauthorized person or persons had inserted code into the software to capture personal payment card information from customers who logged into the system and made a credit card payment, according to a news release.
Upon notification, the city worked with CentralSquare to remove the code and replace the server supporting the Click2Gov system. The software is being monitored for any code changes.
Other cities who use Click2Gov also had their billing systems impacted, according to a report from Forbes.
Prior to the incident, Fort Worth had already planned to move away from Click2Gov. The city is migrating to a new online-payment system called Paymentus. This new system does not require the city’s server to act as a host, and it boasts enhanced security features, Gugliuzza said.
In the meantime, impacted cardholders are being offered one year of free credit monitoring by CentralSquare. The impacted cardholders were sent letters from the city earlier this week that will include unique customer information on how to take advantage of that offer, and a follow-up letter will be sent by CentralSquare.
“Regularly check your credit card statements,” Gugliuzza said. “And when you find charges that you know you didn't make, contact your credit card company.”