Cyber Incident Victim: Pompano Beach

In August 2018, Pompano Beach, Florida, experienced a data breach involving its online municipal water bill payment system. The incident occurred through CentralSquare Technologies' Click2Gov software, a third-party platform used by the city to process one-time payments. Unauthorized actors gained access to credit and debit card information submitted by residents for water bill payments between August 30 and December 6, 2018. The breach persisted undetected for over three months before being discovered. City officials confirmed the compromise affected payment data stored within CentralSquare's systems rather than the city's direct infrastructure. Approximately 3,900 residents who made online payments during this period had their financial information exposed. The breach exclusively impacted customers using the one-time payment portal on the city's website, with recurring payment accounts remaining unaffected. CentralSquare provided technical assistance to investigate the intrusion after its detection.

Pompano Beach officials issued breach notifications to affected residents in February 2019, nearly two months after containing the incident. The disclosure warned of potential financial fraud risks stemming from the exposed payment card details. While the city didn't specify exact fraudulent activity resulting from the breach, it advised residents to monitor bank statements and credit reports. No evidence suggested compromise of Social Security numbers or other personal identifiers beyond payment card data. The municipality collaborated with CentralSquare to implement enhanced security measures on the payment platform following the incident. Public records indicate no immediate reports of widespread financial losses among impacted residents at the time of notification. The breach highlighted vulnerabilities in third-party payment processors used by municipal governments for essential services.