On June 21, the City of Midwest City learned that an unknown third party had accessed without authorization certain utility payments made through the Click2Gov online payment system. The city staff immediately began an investigation of the data breach and the vendor engaged a third-party forensic firm to determine what happened and what information may have been affected.
Preliminary findings of the investigation identified transactions from May 25 through June 21 were compromised. Later findings of the investigation identified an additional forty-three specific dates between December 11, 2017 and May 24 that were compromised. The 4,559 customers affected are being contacted by the City and provided information about what information was involved and what steps can be taken to protect their information. This includes the 2,256 customers who have already received the original notices.
The data breach included credit or debit card numbers and names associated with those cards as well as the billing addresses associated with the utility payments in question. The social security numbers and dates of birth were not accessed. Automatic reoccurring payments, payments made over the phone, payments made with bank accounts, payments made by check and payments made in person at the office were not impacted.
The City and its software vendor have taken the necessary steps to secure the system, and it is now safe for customers to use credit cards to pay utility bills online.
The City continues to work with the Federal Bureau of Investigations (FBI) to investigate the breach and in an effort to identify the parties involved. The Midwest City Police Department is also gathering information related to any losses caused by the breach. Customers who have experienced unauthorized transactions related to the Click2Gov data breach are encouraged to file a police report as well as notify the FBI of any fraudulent activity by utilizing the www.ic3.gov website and reference the “City of Midwest City - Click2Gov compromise.”
Individuals who receive a letter should consider the following steps to protect their information:
Customers with further questions or concerns can contact 1-877-841-8141.