Press Enter to show all options, press Tab go to next option

City of Sioux City Informs Public of Data Security Incident

Post Date:12/20/2019 2:05 PM
The City of Sioux City, Iowa (“the City”) recently experienced an incident involving a potential data security issue within the City’s Parking Ticket System and Utility Billing System online payment portal Click2Gov, which is managed and operated by a third-party vendor, and has potentially affected 3,563 accounts.

On December 16, 2019 the City received notice from its third-party vendor indicating that alterations to the vendor’s application code could have enabled the unauthorized copying of payment card information from the City’s internet browser window during certain payment transactions.

Information privacy and security are among our highest priorities, and we take this matter very seriously. Upon receiving notice of the issue, the City immediately launched an investigation to determine its full nature and scope, as well as what information may have been affected. Third-party forensic investigators were engaged, and with their assistance, it was determined that payment card information entered between August 26, 2019 and September 18, 2019, such as name, address, payment card number, expiration date and CVV, could have been captured by a piece of malicious code that was inserted into the Click2Gov site. 

The City has worked diligently to identify those individuals who may have made payments during the affected period. We also worked with the third-party vendor responsible for the payment application to ensure the security of the Click2Gov website moving forward. We took steps to confirm and further strengthen the security of our systems, including our online utilities payment portal. Additionally, as of September 18, 2019, which was prior to the discovery of the potential breach, a different third-party vendor was engaged by the City to process the City’s Parking Ticket System and Utility Billing System credit card payments.  

We will continue to review our security policies and procedures as part of our commitment to information security. We will work with law enforcement regarding any criminal investigation that may occur in this matter and are directly notifying those individuals whose payment information may be impacted. 
We will be providing all affected individuals notice via letter during the week of December 30, 2019. The notice will include information about the event, measures we have taken in response, and recommendations for protecting personal information in the future. In the meantime, we encourage all Sioux City residents to monitor all financial transactions/statements and promptly report any suspicious or unusual charges to the relevant banking institutions. 

We understand those who may be impacted may have questions about this incident or who was affected by it. To ensure your questions are answered in a timely manner please call 712-279-6132 Monday through Friday between the hours of 8:00 a.m. to 5:00 p.m. Central Time. 
Return to full list >>