STREAMING NOW: Watch Now

City of Medford Reports Data Breach in Online Billing System

The Click2Gov system that processes online payments for utility billing, permits and business licenses was apparently targeted by malware skimming for credit and debit card information of users.

Posted: Jul 23, 2018 2:30 PM
Updated: Jul 23, 2018 6:49 PM

MEDFORD, Ore. — The City of Medford has issued a precautionary notification to customers who may have been impacted by a recent data breach of the Click2Gov online payment system for utility billing, permits, and business licenses, administered by Superion.

Upon learning of the data breach, the City says that they shut down the online payment server and immediately began a forensic investigation. The vulnerability in Superion’s Click2Gov function is believed to be wide-spread. Other cities potentially affected include Beaumont, TX, Oceanside, CA, and Goodyear, AZ.

On June 5, 2018 forensic investigators determined that malware was used to gather payment card information including credit or debit card numbers, cardholder names, and/or expiration dates and CVV codes, from the Click2Gov online payment system between February 18, 2018 and March 14, 2018, and between March 29, 2018 and April 16, 2018.

Investigators believe the malware was used to gather payment card information, which may include credit or debit card numbers, cardholder names, card expiration dates and CVV codes from the Click2Gov online payment system.

Social security numbers or federal or state identification numbers are not collected from the online payment system. Therefore, this personal information was not affected by this incident.

The City of Medford says that they serve over 30,000 customers for utilities, permits, and business licenses. Forensic investigators estimate that 1,842 cardholders were potentially affected by the data breach.

"The City values the privacy of its residents and the users of its website, and deeply regrets that this incident occurred. The City is continuing to review and take the necessary steps to enhance online security measures to help protect against this type of threat in the future," said a statement from City officials.

If a customer used the Click2Gov system to make online payments to the City during the relevant time frames, here are steps they can take:

1) Check your credit card account for unauthorized or suspicious charges, no matter how small.
2) Report any unauthorized charges to your credit card issuer and bank.
3) Ask your credit card issuer and bank to deactivate your card and issue a new card.
4) Request a fraud alert to be placed on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. You may call any one of the three major credit bureaus listed below. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on your credit report for 90 days. You can renew it after 90 days.

Request that all three credit reports be sent to you, free of charge, for your review. Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically.

 • Equifax: Equifax.com or 1-800-525-6285
 • Experian: Experian.com or 1-888-397-3742
 • TransUnion: Transunion.com or 1-800-680-7289

A copy of the notification letter sent to the potentially affected customers is attached below. A dedicated call center has been set up to answer customer questions and can be reached at 844-808-4890 between the hours of 6 a.m. and 6 p.m. pacific time, Monday through Friday.

Oregon Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 30995

Reported Deaths: 529
CountyConfirmedDeaths
Multnomah6853133
Marion446690
Washington431558
Umatilla291641
Clackamas227361
Malheur153923
Jackson10574
Lane99115
Deschutes77712
Yamhill73814
Jefferson5138
Polk50315
Morrow4906
Lincoln47313
Linn46813
Union4352
Benton2806
Klamath2752
Hood River2450
Wasco2443
Douglas2113
Josephine1862
Columbia1531
Coos1420
Clatsop1210
Baker902
Crook601
Tillamook490
Curry300
Lake280
Wallowa281
Sherman180
Harney120
Gilliam80
Grant80
Unassigned00
Wheeler00

California Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 790096

Reported Deaths: 15056
CountyConfirmedDeaths
Los Angeles2614466366
Riverside574191162
San Bernardino52649908
Orange522011128
San Diego44925760
Kern31509354
Fresno27769355
Sacramento21628383
Alameda20641374
Santa Clara20511297
San Joaquin19841415
Stanislaus16351337
Contra Costa15958201
Tulare15599256
Ventura12406143
Imperial11583314
San Francisco1080799
San Mateo9598143
Monterey955067
Santa Barbara8880110
Merced8750134
Kings743077
Sonoma7112114
Marin6591112
Solano617555
Madera439162
Placer348841
San Luis Obispo339327
Butte276435
Yolo275454
Santa Cruz22188
Sutter164210
Napa162613
San Benito131011
Yuba11187
El Dorado10734
Mendocino85118
Lassen7350
Shasta70914
Glenn5503
Nevada5116
Colusa5106
Tehama5094
Lake49210
Humboldt4856
Calaveras31114
Amador28616
Tuolumne2214
Inyo18714
Mono1652
Siskiyou1610
Del Norte1361
Mariposa752
Plumas490
Modoc240
Trinity150
Sierra60
Alpine20
Unassigned00
Medford
Clear
59° wxIcon
Hi: 79° Lo: 50°
Feels Like: 59°
Brookings
Overcast
58° wxIcon
Hi: 62° Lo: 56°
Feels Like: 58°
Crater Lake
Clear
41° wxIcon
Hi: 72° Lo: 42°
Feels Like: 41°
Grants Pass
Overcast
57° wxIcon
Hi: 78° Lo: 47°
Feels Like: 57°
Klamath Falls
Clear
41° wxIcon
Hi: 76° Lo: 39°
Feels Like: 41°
Seasonal and smoky start to fall tomorrow
KDRV Radar
KDRV Fire Danger
KDRV Weather Cam

Community Events