MARIETTA, Ga. (CBS46) -- The City of Marietta was informed by one of its software vendors, Central Square Technologies, that there was a serious security breach in their utility payment system, Click2Gov.
Targeted in that breach was customer credit card information.
Customers who made payments on the City website via Click2Gov between August 26 – October 26, 2019 with a credit card, could have had that credit card information compromised.
A customer’s credit card information would only be at risk if that person manually entered their credit card information on the Click2Gov application during that time frame. Customers enrolled in the auto pay system prior to or after those dates, and those who have paid in person, by mail, and over the phone during those dates were not affected. Additionally, tax payments are not affected.
“So if they saved their credit card in the wallet feature, that was NOT compromised,” said Ronnie Barrett, the IT Director for the City of Marietta and Marietta Power and Water. “It was just the people who manually entered their credit card in for a one-time payment.”
Officials with Central Square Technology told the City that they do not have evidence showing that any Marietta customer transaction was, in fact, compromised.
The FBI is now investigating the data breach, as over 30 cities in the United States use the Click2Gov platform.
“We were originally notified December 2nd and then the FBI contacted us on December 3rd,” said Barrett. “It became an active investigation and we weren’t at liberty to discuss the ongoing investigation until just recently. You get a phone call from the FBI, obviously it’s a little nerve-wracking.”
Central Square Technologies told Marietta officials that they have corrected the issue and that no customer credit card data has been at risk since they made the correction. Central Square Technologies has agreed to offer free credit monitoring for impacted customers through Epiq.
Marietta will send letters out to those individuals as well, to inform them of next steps.
CBS46 asked the City’s IT Director if they might consider switching vendors, due to the breach.
“The vendor has been here a long time, and this is the first compromise we’ve experienced. We’re going through a process with them to make sure we understand what happened fully,” said Barrett. “They have assured us they have repaired this particular vulnerability…and it’s a potential compromise, not a verifiable compromise at this time, so that’s something we’ll have to continue to have discussions about and if we need to move in another direction, we will have to do that over time because it’s a very complicated system that would have to be re-engineered,” he said.
Security expert Janice Toms says consumers should do their homework before using 3rd party websites, because they don’t all follow the same set of standards.
“Security, in general, is like peeling back an onion, companies do what they need to do to be compliant, but how deep that goes, is up to the company’s concern on risk,” she said.
Toms is the owner of TeamLogic IT, which provides IT services, and solutions. She says hackers are becoming increasingly sophisticated.
“People that hack into these companies are professionals, they understand exactly what they’re doing and the level they take it. And so consumers need to make sure they are protected,” she said.
If you believe you may have been affected or have questions, you can call the City directly at 770.794.1803.