SEVERE WX : Air Stagnation Advisory View Alerts

City of Medford Reports Data Breach in Online Billing System

The Click2Gov system that processes online payments for utility billing, permits and business licenses was apparently targeted by malware skimming for credit and debit card information of users.

Posted: Jul 23, 2018 2:30 PM
Updated: Jul 23, 2018 6:49 PM

MEDFORD, Ore. — The City of Medford has issued a precautionary notification to customers who may have been impacted by a recent data breach of the Click2Gov online payment system for utility billing, permits, and business licenses, administered by Superion.

Upon learning of the data breach, the City says that they shut down the online payment server and immediately began a forensic investigation. The vulnerability in Superion’s Click2Gov function is believed to be wide-spread. Other cities potentially affected include Beaumont, TX, Oceanside, CA, and Goodyear, AZ.

On June 5, 2018 forensic investigators determined that malware was used to gather payment card information including credit or debit card numbers, cardholder names, and/or expiration dates and CVV codes, from the Click2Gov online payment system between February 18, 2018 and March 14, 2018, and between March 29, 2018 and April 16, 2018.

Investigators believe the malware was used to gather payment card information, which may include credit or debit card numbers, cardholder names, card expiration dates and CVV codes from the Click2Gov online payment system.

Social security numbers or federal or state identification numbers are not collected from the online payment system. Therefore, this personal information was not affected by this incident.

The City of Medford says that they serve over 30,000 customers for utilities, permits, and business licenses. Forensic investigators estimate that 1,842 cardholders were potentially affected by the data breach.

"The City values the privacy of its residents and the users of its website, and deeply regrets that this incident occurred. The City is continuing to review and take the necessary steps to enhance online security measures to help protect against this type of threat in the future," said a statement from City officials.

If a customer used the Click2Gov system to make online payments to the City during the relevant time frames, here are steps they can take:

1) Check your credit card account for unauthorized or suspicious charges, no matter how small.
2) Report any unauthorized charges to your credit card issuer and bank.
3) Ask your credit card issuer and bank to deactivate your card and issue a new card.
4) Request a fraud alert to be placed on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. You may call any one of the three major credit bureaus listed below. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on your credit report for 90 days. You can renew it after 90 days.

Request that all three credit reports be sent to you, free of charge, for your review. Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically.

 • Equifax: Equifax.com or 1-800-525-6285
 • Experian: Experian.com or 1-888-397-3742
 • TransUnion: Transunion.com or 1-800-680-7289

A copy of the notification letter sent to the potentially affected customers is attached below. A dedicated call center has been set up to answer customer questions and can be reached at 844-808-4890 between the hours of 6 a.m. and 6 p.m. pacific time, Monday through Friday.

Oregon Coronavirus Cases

Data is updated nightly.

Cases: 387485

Reported Deaths: 5116
CountyCasesDeaths
Multnomah59768836
Washington41571393
Marion39592504
Clackamas32426376
Lane29856354
Jackson24672350
Deschutes23182185
Umatilla15087180
Linn14488178
Douglas13236286
Josephine10057240
Yamhill9665142
Klamath8979145
Polk813698
Benton605137
Malheur591586
Coos5573106
Columbia423855
Jefferson416865
Lincoln357252
Union336854
Crook330156
Wasco314846
Clatsop258335
Baker217531
Tillamook214345
Hood River211337
Morrow197025
Curry190136
Harney119332
Grant108314
Lake104016
Wallowa74713
Sherman1903
Gilliam1844
Wheeler1141
Unassigned00

California Coronavirus Cases

Data is updated nightly.

Cases: 5061240

Reported Deaths: 74159
CountyCasesDeaths
Los Angeles152548627128
San Diego4047084319
Riverside3849455306
San Bernardino3718825944
Orange3329505675
Sacramento1674002423
Kern1565171781
Fresno1558992246
Santa Clara1511691922
Alameda1246581504
San Joaquin1070001833
Ventura1036461188
Contra Costa1032921045
Stanislaus912991413
Tulare856141082
San Francisco56614669
San Mateo56058629
Monterey52340625
Solano47422356
Santa Barbara47035548
Merced44807664
Sonoma42912412
Placer41881468
Imperial38128769
Kings35038358
San Luis Obispo31294358
Madera26005311
Shasta25917440
Butte25295309
Santa Cruz22028222
Yolo21451257
Marin18342248
El Dorado18166161
Sutter14494181
Napa13372104
Yuba1070088
Tehama10230129
Humboldt10043117
Nevada9914103
Mendocino848894
Lassen792355
San Benito775977
Tuolumne767790
Lake6990110
Amador573766
Siskiyou470954
Glenn455136
Calaveras435685
Del Norte371242
Colusa323519
Inyo254345
Plumas19127
Mono18294
Mariposa156718
Trinity98817
Modoc7475
Unassigned2430
Sierra2170
Alpine1060
Out of CA00
Medford
Partly Cloudy
47° wxIcon
Hi: 48° Lo: 42°
Feels Like: 47°
Brookings
Partly Cloudy
50° wxIcon
Hi: 62° Lo: 42°
Feels Like: 50°
Crater Lake
Partly Cloudy
47° wxIcon
Hi: 45° Lo: 28°
Feels Like: 47°
Grants Pass
Cloudy
47° wxIcon
Hi: 50° Lo: 46°
Feels Like: 47°
Klamath Falls
Partly Cloudy
29° wxIcon
Hi: 46° Lo: 29°
Feels Like: 29°
Stagnant and dry weather continue all week
KDRV Radar
KDRV Fire Danger
KDRV Weather Cam

Community Events