Cyber Incident Victim: Aurora Water

Aurora Water, the water department for the city of Aurora, Colorado, publicly disclosed a data breach impacting its customers on December 31, 2019. The incident involved unauthorized access to the Click2Gov online payment system used by the utility for processing customer transactions. According to the department's announcement, the breach affected individuals who utilized Click2Gov to make one-time payments or establish recurring payments between August 30, 2019, and October 14, 2019. During this approximately six-week period, attackers compromised sensitive customer information including names, payment card numbers, and card expiration dates. The city did not specify the exact number of affected customers or the method of intrusion but confirmed the breach was limited to users of the Click2Gov portal during the identified timeframe.

Aurora Water notified potentially impacted customers through its December 31 announcement, advising them to monitor their financial statements for suspicious activity. The department did not disclose whether it offered complimentary credit monitoring services or other remediation measures to affected individuals. The breach notification occurred over two months after the conclusion of the compromise window, indicating a likely discovery and investigation period following the October 14 endpoint. No additional technical details regarding the attack vector, containment procedures, or forensic findings were provided in the initial public statement. The incident marked another security event involving the Click2Gov platform, which had been implicated in multiple municipal payment system breaches prior to 2019. Aurora Water directed customers seeking further information to local news outlet 9News for additional coverage of the breach.