A California city has temporarily shut down its online utility bill payment system amid fears that the portal suffered a breach. On 22 August 2017, the City Manager's Office of Oceanside, CA announced a possible security incident affecting its online bill payment system that residents can use to pay their utility (water, sewer, and trash) bills. As the coastal city describes in a news release:
"In the past few business days, a number of utility customers have alerted the City to unauthorized charges on credit cards they used to pay their City utility bills. At least two of these customers reported that they used their affected credit card only to pay their City of Oceanside utility bill and for no other purpose. These reports raised a concern that the City’s online payment system may have been breached."
City officials have yet to confirm whether the online utility bill payment system is the source of those unauthorized credit card charges. But out of concern for the digital security of its residents, Oceanside decided to temporarily suspend its payment system. It also launched an "internal assessment" of the system while law enforcement and a digital security expert it hired conduct separate investigations into what happened. At this time, Oceanside's city manager believes the breach affected residents who paid their utility bills using the city's system between 1 July 2017 and 13 August 2017. Anyone who fits that description should review their credit card bills on an ongoing basis for suspicious charges, report unauthorized transactions to their bank and to Oceanside's police department, ask their card issuer for a new payment card, request all three of their credit reports, and consider placing a fraud alert on their credit file. They should also stay on the lookout for fake energy bills that scammers could send to them by abusing personal information they might have entered into the city's online portal. Oceanside says it will provide updates about the incident as additional information becomes available.
