Credit cards.
Credit cards. Photo via Pixabay

A potential data breach of the city of Oceanside’s online utility bill payment system was being investigated Tuesday, and the system has been taken down.

So far, it appears the affected customers made one-time payments of their water bills between July 1 and Aug. 13, according to the office of City Manager Michelle Skaggs Lawrence. The system also allows for sewer and trash bills.

City officials said some customers alerted them to unauthorized charges on their credit cards, including at least two who paid for their water but didn’t use the card for anything else.

It hasn’t been confirmed whether the bill payment system is the source of the data breach, according to the city, but police and a cyber security expert are looking into the matter.

Lawrence’s office reported that there’s no evidence that any recurring credit card payments may have been jeopardized.

City officials urged people who used a credit card to pay their city of Oceanside utility bill on a one-time basis through the city website during the affected time period to:

  • Check their credit card account for unauthorized or suspicious charges, no matter how small, and report them to the credit card issuer or bank.
  • Report unauthorized charges to the Oceanside Police Department and ask to fill out a crime report.
  • Ask the credit card issuer or bank to deactivate the card and issue a new one.
  • Request a fraud alert to be placed on their credit file, telling creditors to contact the customer before opening a new account or making changes to existing accounts.
  • And ask for credit reports from all three agencies, Equifax, Experian and TransUnion.

Fraud alerts remain on file for three months, and can be renewed for another three months.

— City News Service