Home / News / Potential Data Breach of the City of Oceanside Online Utility Payment System

Potential Data Breach of the City of Oceanside Online Utility Payment System

Oceanside CA— The City of Oceanside maintains a system that allows customers to pay their utility (water, sewer and trash) bills online using a credit card.  In the past few business days, a number of utility customers have alerted the City to unauthorized charges on credit cards they used to pay their City utility bills.  At least two of these customers reported that they used their affected credit card only to pay their City of Oceanside utility bill and for no other purpose.  These reports raised a concern that the City’s online payment system may have been breached.  Although it has not been confirmed whether the City’s  online utility bill payment system is the source of the apparent credit card information breach, the City takes the security of our customers’ information seriously.  This notice is given in an abundance of caution.

What the city is doing:

Upon learning of the potential breach, the City immediately shut down its online utility bill payment system and began an internal assessment.  It notified law enforcement, which is conducting an investigation.  Additionally, the City brought in a cyber security expert to conduct a forensic analysis.

Who may be affected

So far, it appears that this incident may affect only individuals who used the City’s website to make a one-time payment of their City of Oceanside water utilities bill between July 1, 2017 and August 13, 2017.  At this point, there is no evidence that any recurring credit card payments may have been jeopardized.

What you can do

If you used a credit card to pay your City of Oceanside utility bill on a one-time basis through the City website from July 1, 2017 to August 13, 2017, please:

  • Check your credit card account for unauthorized or suspicious charges, no matter how small.
  • Report any unauthorized charges to your credit card issuer/bank.
  • Ask your credit card issuer/bank to deactivate your card and issue a new card.
  • Report any unauthorized charges to the Oceanside Police Department and ask to complete a crime report. The reports can be taken at the Oceanside Police Department Monday thru Friday 8:00am to 5:00pm.  Please bring in the last 2 months of your credit cards statements highlighting the fraudulent activity. Detective Bob Moore 760-435-4435 is the primary point of contact and Sgt. John McKean 760-435-4861 is the secondary point of contact for the police department.
  • Request a fraud alert to be placed on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. You may call any one of the three major credit bureaus listed below.  As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts.  The initial fraud alert stays on your credit report for 90 days.  You can renew it after 90 days.
  • Request that all three credit reports be sent to you, free of charge, for your review. Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically.  Thieves may hold stolen information to use at different times.  Checking your credit reports periodically can help you spot problems and address them quickly.
  • Equifax: Equifax.com or 1-800-525-6285
  • Experian: Experian.com or 1-888-397-3742
  • TransUnion: Transunion.com or 1-800-680-7289

The privacy and security of our customers’ information is of the utmost importance to the City.  We are taking all necessary steps to investigate  the potential breach.  We will update you immediately as additional information becomes available.