AURORA, Colo. — Personal information of some Aurora Water customers, such as names, card numbers and expiration dates, may have been compromised through a data breach, according to the city's water department.
The department made an announcement about the security incident on Monday and said customers who used the Click2Gov payment system to make one-time payments or set up recurring payments between Aug. 30 and Oct. 14 were impacted.
They're in the process of notifying everyone affected by mail.
The Click2Gov software is maintained by a third party vendor, and once the water department was made aware of the issue, the payment system was immediately taken offline.
At that time, an investigation was also launched, and they determined that an unauthorized person who is not associated with the city modified a piece of computer code that the Click2Gov software uses.
That modified code, according to the city, was designed to capture limited personal information, such as first and last name, billing address, payment card type, payment card number, payment card verification value and payment card expiration date.
Other personal information, such as Social Security numbers or government-issued ID numbers, were not affected because Aurora Water does not collect that information for billing purposes. Click2Gov is not used by and does not affect any other city departments or functions.
Last month, Aurora Water launched a new payment system called Paymentus and is in the process of fully transitioning to that new system, which was not affected and can be used to make online payments.
A dedicated webpage has been set up to assist affected customers and to provide updates about the breach. Customers can also call 1-844-931-1876 between 7 a.m. and 4:40 p.m. Monday through Friday for assistance.
SUGGESTED VIDEOS | Local stories from 9NEWS