In San Angelo credit card information for water customers who made payments online may have been breached. The vendor who processes card payments alerted the city that the scope of the potential vulnerability has widened. Previously, the vendor believed any compromise that may have occurred affected only online customers who make individual payments each month.
Lance Overstreet the Assistant Director for the San Angelo Water Utility Department said, “we immediately took action, we removed the server, took it down and since then we have actually been working with the third-party software [vendor] that handles the billing for us and that it routes through. “
The city has rebuilt a server with which they have been able to bring bill-pay back online. This city is now waiting for the third-party software vendor to perform an analysis on the causes of the breach and put forth any suggested remedies. The city expects answers within the next couple of days.
In their new server, the city used a different platform which is supposed which is supposed to be more stable and secure. They are also still evaluating whether the third-party software vendor to gauge whether it will continue to perform in the best interest of San Angelo customers.
As a result, while online payments were temporarily disabled, they are back online now and the payment processing vendor no longer uses the compromised software.