Cyber Incident Victim: City of Bozeman

The City of Bozeman disclosed a security breach affecting customers who used its Click2Gov online utility payment system between July 1, 2017, and October 24, 2017. The incident came to light after multiple utility customers reported unauthorized transactions on credit cards they had exclusively used for municipal bill payments through the platform. City officials initiated an investigation upon receiving these fraud reports, engaging two independent cybersecurity firms to conduct forensic analysis. This multi-stage investigation confirmed malicious actors had compromised the Click2Gov system to harvest payment card data during the three-and-a-half-month exposure window. The city issued a public advisory through a press release in 2018, approximately one year after the initial compromise period ended, urging affected customers to monitor their financial statements.

Forensic evidence established that attackers exfiltrated credit card information from the payment portal, though the exact number of compromised accounts remained unspecified. The breach represented a localized manifestation of a broader pattern of security incidents involving Click2Gov systems used by municipalities nationwide. Impacted Bozeman utility customers experienced direct financial consequences through fraudulent card activity linked to their municipal payments. The city's investigation required extensive technical analysis spanning months before conclusive evidence of system intrusion could be identified. No additional municipal systems or data types beyond credit card information processed through Click2Gov during the specified timeframe were confirmed as compromised in this incident.