City of Port Orange Provides ‘Notice of Data Security Incident’ Letter to its Utility Billing Customers Concerning Data Security Event

City of Port Orange Provides ‘Notice of Data Security Incident’ Letter

to its Utility Billing Customers Concerning Data Security Event

Port Orange, FL (January 10, 2020), The City of Port Orange (“the City”) will be providing a ‘Notice of Data Privacy Incident’ letter to be mailed to utility billing customers who may have been impacted by the City’s third party utility billing services vendor, CentralSquare Technologies (“CentralSquare”) data security event. 

On November 6, 2019, the City received notice from its third-party utility billing services vendor, CentralSquare Technologies (“Central Square”) of a potential data security issue within the online payment portal, Click2Gov, which is managed and operated by that vendor.  The notice indicated that alterations to Click2Gov’s applicable code could have enabled the unauthorized access to certain payment card information from the customer’s internet browser window during a payment transaction.  On December 4, 2019, CentralSquare confirmed that the time period in which the payment transactions may have been affected is from August 27, 2019 through October 26, 2019. 

The City takes the confidentiality, privacy, and security of personal information very seriously and has strict security measures in place to protect information in our care.  After receiving notice, the City worked to identify those individuals who may have made payments during this period and discontinued use of the Click2Gov website indefinitely, while it assessed the security of the site. Third-party forensic investigators were engaged, and with their assistance, the investigation determined that payment card information entered from August 27, 2019 through October 18, 2019 could have been affected by the CentralSquare incident.  Additionally, the City took steps to confirm and further strengthen the security of its systems and the City is reviewing its security policies and procedures as part of its ongoing commitment to information security. The City is working with law enforcement and notified relevant regulators. 

More information about the CentralSquare data security issue can be found on the homepage of the city’s website, www.port-orange.org under “City News.”