Data Breach Compromises Parking Ticket Payment System
The City of Ames recently learned a data breach may have affected 4,600 customers who paid a City-issued parking ticket using the City’s online payment system from Aug. 10 to Nov. 19, 2018. Written and email notices are being distributed today and into next week to customers who accessed the online parking ticket payment system during those dates.
The breach only affects parking ticket payments. No other City of Ames payment systems were compromised.
On Nov. 18, 2018, City of Ames Information Technology (IT) was made aware that the online parking ticket payment system, which links the City system to a third party vendor (Click2Gov), might have been compromised. IT quickly reported the incident to Click2Gov and initiated a series of customer safety steps. The parking tickets payment link was taken offline, and the City provided a copy of our web server to a private forensic data analyst for a detailed assessment. After learning the system had been breached, the City followed protocol and replaced the web server. The parking ticket payment system was brought back online on Nov. 20, 2018.
The breach may have included the following data: first name, last name, mailing address, email address, and debit/credit card number.
“We are very sorry this happened to our customers. The City of Ames is extremely concerned by this incident, but we’re confident we’ve addressed the vulnerability and corrected it,” said Ames Finance Director Duane Pitcher. “We know cyber attacks can occur any time, and we remain vigilant about keeping information shared with the City safe. We expect the same from vendors linked to our website.”
Any time electronic payments are used, it’s important to monitor credit card statements or banking information for any signs of unauthorized use.