SEVERE WX : Air Stagnation Advisory View Alerts

City of Medford Reports Data Breach in Online Billing System

The Click2Gov system that processes online payments for utility billing, permits and business licenses was apparently targeted by malware skimming for credit and debit card information of users.

Posted: Jul 23, 2018 2:30 PM
Updated: Jul 23, 2018 6:49 PM

MEDFORD, Ore. — The City of Medford has issued a precautionary notification to customers who may have been impacted by a recent data breach of the Click2Gov online payment system for utility billing, permits, and business licenses, administered by Superion.

Upon learning of the data breach, the City says that they shut down the online payment server and immediately began a forensic investigation. The vulnerability in Superion’s Click2Gov function is believed to be wide-spread. Other cities potentially affected include Beaumont, TX, Oceanside, CA, and Goodyear, AZ.

On June 5, 2018 forensic investigators determined that malware was used to gather payment card information including credit or debit card numbers, cardholder names, and/or expiration dates and CVV codes, from the Click2Gov online payment system between February 18, 2018 and March 14, 2018, and between March 29, 2018 and April 16, 2018.

Investigators believe the malware was used to gather payment card information, which may include credit or debit card numbers, cardholder names, card expiration dates and CVV codes from the Click2Gov online payment system.

Social security numbers or federal or state identification numbers are not collected from the online payment system. Therefore, this personal information was not affected by this incident.

The City of Medford says that they serve over 30,000 customers for utilities, permits, and business licenses. Forensic investigators estimate that 1,842 cardholders were potentially affected by the data breach.

"The City values the privacy of its residents and the users of its website, and deeply regrets that this incident occurred. The City is continuing to review and take the necessary steps to enhance online security measures to help protect against this type of threat in the future," said a statement from City officials.

If a customer used the Click2Gov system to make online payments to the City during the relevant time frames, here are steps they can take:

1) Check your credit card account for unauthorized or suspicious charges, no matter how small.
2) Report any unauthorized charges to your credit card issuer and bank.
3) Ask your credit card issuer and bank to deactivate your card and issue a new card.
4) Request a fraud alert to be placed on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. You may call any one of the three major credit bureaus listed below. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on your credit report for 90 days. You can renew it after 90 days.

Request that all three credit reports be sent to you, free of charge, for your review. Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically.

 • Equifax: Equifax.com or 1-800-525-6285
 • Experian: Experian.com or 1-888-397-3742
 • TransUnion: Transunion.com or 1-800-680-7289

A copy of the notification letter sent to the potentially affected customers is attached below. A dedicated call center has been set up to answer customer questions and can be reached at 844-808-4890 between the hours of 6 a.m. and 6 p.m. pacific time, Monday through Friday.

Oregon Coronavirus Cases

Data is updated nightly.

Cases: 70832

Reported Deaths: 885
CountyCasesDeaths
Multnomah15875232
Washington997499
Marion9017137
Clackamas585377
Umatilla430149
Lane420241
Jackson364428
Malheur237942
Deschutes222814
Yamhill164816
Linn138522
Polk116816
Douglas91217
Jefferson80811
Union7715
Benton7667
Klamath7604
Morrow6517
Lincoln61315
Wasco51919
Josephine5104
Columbia4783
Coos4182
Hood River3941
Clatsop3510
Baker2723
Crook2176
Grant1341
Curry1292
Tillamook1230
Lake1171
Harney961
Wallowa713
Sherman230
Gilliam220
Wheeler30
Unassigned00

California Coronavirus Cases

Data is updated nightly.

Cases: 1185576

Reported Deaths: 19089
CountyCasesDeaths
Los Angeles3877937604
San Bernardino902221129
Riverside857741437
San Diego76359996
Orange750951577
Kern40337448
Fresno37724481
Sacramento35854566
Santa Clara32985476
Alameda28857505
San Joaquin25738502
Contra Costa23571261
Stanislaus21460424
Tulare20649308
Ventura19058175
Imperial15862356
San Francisco15156160
Monterey14750116
San Mateo13715170
Sonoma11922157
Merced11537179
Santa Barbara11277135
Kings1047587
Solano1003681
Marin7628129
Placer635468
Madera604785
San Luis Obispo596435
Shasta471847
Yolo462675
Santa Cruz426928
Butte389459
Sutter314415
Napa298817
El Dorado22174
Yuba198110
San Benito183716
Lassen17733
Tehama161225
Mendocino148522
Nevada11849
Tuolumne9088
Glenn8928
Lake89019
Humboldt8509
Colusa6946
Siskiyou6242
Mono5273
Amador52016
Calaveras47822
Del Norte3131
Inyo29016
Plumas2050
Trinity1390
Mariposa1282
Modoc1250
Alpine470
Sierra190
Unassigned00
Medford
Overcast
32° wxIcon
Hi: 47° Lo: 28°
Feels Like: 32°
Brookings
Clear
37° wxIcon
Hi: 57° Lo: 37°
Feels Like: 37°
Crater Lake
Clear
18° wxIcon
Hi: 43° Lo: 21°
Feels Like: 18°
Grants Pass
Overcast
32° wxIcon
Hi: 50° Lo: 28°
Feels Like: 32°
Klamath Falls
Clear
18° wxIcon
Hi: 42° Lo: 18°
Feels Like: 18°
Dense, freezing fog tonight
KDRV Radar
KDRV Fire Danger
KDRV Weather Cam

Community Events