Worth, Texas Water Department is notifying about 3,000 customers that their
payment information may have been exposed during a data breach.
The utility reported
that payments made between August 27, 2019 and October 23, 2019 were included
in the breach and the content exposed included cardholder’s name, credit card
billing address, credit card number, card type, credit card security code (CVV)
and card expiration date.
The only customers
affected were those who entered their payment card information for a specific
payment, those who had set up a recurring payment plan were not involved unless
they entered a new payment card during the period in question.
occurred at CentralSquare, the vendor the water department uses to interact
with the Click2Gov software that powers the H2Online payment system. The
malware has been removed from CentralSquare’s system and the utility is
continuing its migration away from Click2Gov to the Paymentus system.
Click2Gov itself was hit with a separate data breach in September 2018 that affected many of its municipal customers.