City Water Customers Advised to Get New Credit CardsPress Release
SAN ANGELO, TX -- (Press Release) San Angelo water customers who made one-time online payments between June 17 and Aug. 16 are advised to contact their financial institutions and request a replacement card if they have not already done so.
The City has received the results of a forensics investigation regarding a breach last month to a vendor’s online water payment system. The investigation found that malware skimmed credit card information from the contracted vendor’s server from June 17-Aug. 16. Only online one-time payments – as opposed to payments automatically drafted from a credit card – were at risk. Credit card payments made via auto-pay, by phone or in person were not compromised.
“Replacing a credit card is a hassle; we understand and apologize for that,” Water Utilities Director Allison Strube said. “But we would much rather that inconvenience not be compounded by customers also having to clear unauthorized purchases. We have worked with our vendor to prevent this from happening again.”
Upon learning of the breach, the City disabled all but phone credit card payments until the vendor that processes online payments could update its software and transition to a more secure platform. Online payments at cosatx.us/waterbill were restored Aug. 21.
Customers were advised last month to monitor their credit card accounts for unauthorized charges. Many customers were forced to seek new cards after experiencing unauthorized purchases. Those who did not are still advised to request a replacement card. Skimmed credit card information is often sold well after a breach occurs; illegal purchases may appear weeks or months later.
A letter will be mailed to all customers who made online credit card payments explaining the compromise to the one-time online transactions. The breach did not increase the amount of a customer’s monthly bill.