DOTHAN, Ala. (WDHN) — The city of Dothan received new information Thursday on the cyberattack that compromised the accounts of several Dothan Utilities customers.
The attack targetted Click2Gov, the third-party application run by CentralSquare that allows customers to pay their bills.
CentralSquare is now saying that they “do not have sufficient information to reach a legal conclusion as to whether sensitive personally identifying information has been acquired by any unauthorized party.”
Even with the lack of a clear breach of personal data, the municipal government plans to work with cybersecurity experts to develop a plan of action to fix the problem as if a breach still happened.
“This position is in the best interest of our customers,” a city release states.
The city plans to release future updates as they receive more information on the situation. In the meanwhile, it provided the following questions and answers to explain the situation so far:
(Q) Does this effect my banking auto-draft payment to Dothan Utilities?
(A) No. There is no effect to banking auto-draft customers.
(Q) Does this effect my payments to Dothan Utilities I pay through my bank, such as bill pay options?
(A) No. There is no effect when paying from your bank.
(Q) Is it safe to make online payments again?
(A) Yes. The City has implemented additional precautionary measures to minimize potential attacks on the Click2Gov system, in the future. Unfortunately, there’s always a chance of additional cybercrimes.
(Q) What kind of measures have been taken to make sure this doesn’t happen again?
(A) The City has implemented all recommendations from CentralSquare, which include, a new computer server, a new installation of the Click2Gov application by CentralSquare technicians, and a file-level security monitoring system added to the new server.
(Q) When will I and how will I be notified if I was one of the accounts compromised?
(A) All affected cardholders will be notified by mail as soon as the remediation plan is developed. The City is moving to produce the plan as quickly as possible.
(Q) If I saved my credit card information on my Click2Gov account, has it been stolen?
(A) No. The stored credit card information was not captured in this attack.
(Q) If I entered my credit card information for a one-time payment, has my credit information been stolen?
(A) Potentially. The screen scrapping attack occurred between August 26 and October 14, 2019.
(Q) Will the City provide credit protection or credit monitoring services if I have been affected?
(A) The City is working with our cyber insurance provider to determine the best way to make our customers whole.