STREAMING NOW: Watch Now

City of Medford Reports Data Breach in Online Billing System

The Click2Gov system that processes online payments for utility billing, permits and business licenses was apparently targeted by malware skimming for credit and debit card information of users.

Posted: Jul 23, 2018 2:30 PM
Updated: Jul 23, 2018 6:49 PM

MEDFORD, Ore. — The City of Medford has issued a precautionary notification to customers who may have been impacted by a recent data breach of the Click2Gov online payment system for utility billing, permits, and business licenses, administered by Superion.

Upon learning of the data breach, the City says that they shut down the online payment server and immediately began a forensic investigation. The vulnerability in Superion’s Click2Gov function is believed to be wide-spread. Other cities potentially affected include Beaumont, TX, Oceanside, CA, and Goodyear, AZ.

On June 5, 2018 forensic investigators determined that malware was used to gather payment card information including credit or debit card numbers, cardholder names, and/or expiration dates and CVV codes, from the Click2Gov online payment system between February 18, 2018 and March 14, 2018, and between March 29, 2018 and April 16, 2018.

Investigators believe the malware was used to gather payment card information, which may include credit or debit card numbers, cardholder names, card expiration dates and CVV codes from the Click2Gov online payment system.

Social security numbers or federal or state identification numbers are not collected from the online payment system. Therefore, this personal information was not affected by this incident.

The City of Medford says that they serve over 30,000 customers for utilities, permits, and business licenses. Forensic investigators estimate that 1,842 cardholders were potentially affected by the data breach.

"The City values the privacy of its residents and the users of its website, and deeply regrets that this incident occurred. The City is continuing to review and take the necessary steps to enhance online security measures to help protect against this type of threat in the future," said a statement from City officials.

If a customer used the Click2Gov system to make online payments to the City during the relevant time frames, here are steps they can take:

1) Check your credit card account for unauthorized or suspicious charges, no matter how small.
2) Report any unauthorized charges to your credit card issuer and bank.
3) Ask your credit card issuer and bank to deactivate your card and issue a new card.
4) Request a fraud alert to be placed on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. You may call any one of the three major credit bureaus listed below. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on your credit report for 90 days. You can renew it after 90 days.

Request that all three credit reports be sent to you, free of charge, for your review. Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically.

 • Equifax: Equifax.com or 1-800-525-6285
 • Experian: Experian.com or 1-888-397-3742
 • TransUnion: Transunion.com or 1-800-680-7289

A copy of the notification letter sent to the potentially affected customers is attached below. A dedicated call center has been set up to answer customer questions and can be reached at 844-808-4890 between the hours of 6 a.m. and 6 p.m. pacific time, Monday through Friday.

Oregon Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 3967

Reported Deaths: 148
CountyConfirmedDeaths
Multnomah105258
Marion91425
Washington69817
Clackamas29610
Deschutes1200
Linn1159
Umatilla1123
Polk9610
Lane672
Yamhill667
Jackson600
Benton555
Clatsop450
Klamath410
Coos310
Malheur280
Josephine251
Douglas250
Jefferson240
Wasco181
Columbia160
Hood River120
Morrow120
Lincoln90
Tillamook60
Crook60
Curry60
Union60
Wallowa20
Sherman10
Grant10
Harney10
Baker10
Unassigned00

California Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 99387

Reported Deaths: 3819
CountyConfirmedDeaths
Los Angeles478452145
Riverside7139303
San Diego6797249
Orange5578131
San Bernardino4567176
Alameda298693
Santa Clara2675139
San Francisco239940
San Mateo190482
Kern187629
Tulare177179
Santa Barbara155112
Fresno148222
Contra Costa135337
Imperial135224
Sacramento131056
Ventura91230
San Joaquin77133
Kings6882
Stanislaus65928
Sonoma5154
Solano45520
Monterey4298
Marin41714
Merced2687
San Luis Obispo2631
Santa Cruz2002
Yolo19822
Placer1889
Napa1093
Humboldt942
Madera852
El Dorado780
San Benito762
Sutter422
Nevada411
Butte400
Del Norte400
Shasta364
Mono341
Yuba281
Mendocino220
Inyo191
Mariposa161
Lake140
Calaveras140
Glenn120
Amador100
Siskiyou61
Colusa50
Plumas40
Lassen40
Tuolumne30
Tehama31
Alpine20
Trinity10
Sierra10
Unassigned00
Medford
Clear
57° wxIcon
Hi: 91° Lo: 61°
Feels Like: 57°
Brookings
Overcast
52° wxIcon
Hi: 73° Lo: 53°
Feels Like: 52°
Crater Lake
Overcast
53° wxIcon
Hi: 82° Lo: 54°
Feels Like: 53°
Grants Pass
Clear
57° wxIcon
Hi: 90° Lo: 59°
Feels Like: 57°
Klamath Falls
Overcast
53° wxIcon
Hi: 85° Lo: 53°
Feels Like: 53°
Hot week, stormy weekend
KDRV Radar
KDRV Fire Danger
KDRV Weather Cam

Community Events

Latest Video

Image

Smoke expected through today

Image

Fighting fires during coronavirus

Image

Nate Bittle is gearing up for his senior year

Image

Search and rescue adjusts to a pandemic

Image

Tuesday, May 26th Evening Weather

Image

Search and Rescue teams adjust their jobs during the pandemic

Image

Anywhere Learning: Read-aloud - Sarah, Plain and Tall, Part 2

Image

Anywhere Learning: Mystery Adventure, Part 2

Image

Anywhere Learning: All About Family

Image

Anywhere Learning: Mystery Adventure, Part 1