Editor Nicole Vulcan is penning this week's editorial under her name, rather than being a work of our editorial board, due to her personal tie to the subject matter.
This week, we're putting out our first Money Issue aimed at giving people some food for thought about handling finances in the new decade. Imagine our surprise when, on the day this issue was going to press, a serious money-related issue popped up at the City of Bend. This one is not about the prospect of massive amounts of public money being spent on transportation or Mirror Pond—but instead, about a massive data breach that may have affected thousands of people who pay their City of Bend utility bills online. It appears I'm one of them.
- geralt, Pixabay
The City of Bend announced Tuesday that Bendites who made one-time payments or set up auto pay for their utility bills through the City's Click2Gov online portal between Aug. 30 and Oct. 14, 2019 likely had their card information breached.
"We believe that less than 5,000 City utility customers may have been affected by this incident," City of Bend Communications Manager Joshua Romero told the Source in an email.
City officials say CentralSquare, the third-party vendor that supplies Click2Gov, discovered that someone had inserted "malicious code" into the Click2Gov software, which "allowed an unauthorized party to copy personal payment card information from customers who logged into the system," the City's press release stated.
City officials said they're working with a forensic investigator, outside legal counsel, local and federal law enforcement and CentralSquare to find out more about the incident. They say the malicious code has been removed from the Click2Gov site, and that customers can now pay online safely once again.
"Prior to this incident, the City was anticipating implementing the new payment processing services provider within the next 12 months. We are exploring the possibility of expediting that implementation as a result of this incident," Romero wrote.
Meanwhile, "CentralSquare's Click2Gov platform has been hacked repeatedly since 2017," OPB's Emily Cureton reported late Tuesday. If there was a time to leave a platform, it was apparently a while ago.
The City says it's sending a letter in the mail to customers it believes are affected—including information about how affected people can take part in one year of free credit and identity monitoring service. I called the hotline number provided by the City to find out if I am on the list of people getting a letter. A man from Kroll Fraud Solutions, a company he said the City has contracted to work with on the breach, told me he didn't have any information about credit monitoring. He didn't know if I was on the list and said I should wait and see if a letter arrived. Seeing as how mail service has to leave Bend and go to the Willamette Valley before it makes its way back to mailboxes in Bend, I'll be looking forward, semi-patiently, to getting that notification in the mail. But coincidentally, I was hacked just days ago.
Looking back at my bank records, I made two one-time payments, using my debit card, to the City of Bend during the time in question. On Jan. 1, the same card was involved in a flurry of fraud attempts. I have my bank to thank for rejecting the whopping 47 charges attempted on my debit card from locations all around the world, from Singapore to the Netherlands to Brazil.
As we put out this Money Issue, it seems that one lesson here is, "cash is still king," though, if you're like me, you've fallen into the trap of thinking technology and electronic payments are convenient enough to be willing to ignore the potential risks. In the 21st Century, society, as we are now finding out in a number of arenas, has blindly believed in tech—from online payments to social media algorithms to electronic voting—often to society's detriment. Why do we so blindly jump to our own demises? How many more digital hiccups must we endure before we see a significant retraction toward the analog?
For example, Oregon is heralded for its innovative voting system—but it's not a tech-y system, it's an analog one. In spite of all the promise of technology, a vote-by-mail system that ensures each person gets a piece of paper in the mail (and now can send it back free of charge) is the method heralded. In Minnesota, an article this week in the StarTribune detailed how 40-year-old tractors are a hot item, largely due to their lack of sophisticated tech.
Hackers have a full-time gig in targeting victims. So how can we ensure our public stewards have the tools, expertise and awareness they need to combat that? In this case, were they aware that their payment provider had a track record of recent breaches with other cities? While information is still coming out about the City's recent breach, and questions abound about when, how and why the City is poised to move to another payment vendor, the public should be vigilant in demanding that the City of Bend does all it can to protect our data in the future.
In terms of personal responsibility, may we all remember that data is king these days—but cash still works, too.