ST. PETERSBURG, Fla. -- At least 28,000 people may have had their credit card information stolen during a month-long breach of the city's website.
The city uses a third-party software product, called Click2Gov, to process payments for several city services, including utility bills, parking tickets, building licenses and more. Between Aug. 11 and Sept. 25, malicious software was on the payment server, making it susceptible to unauthorized access.
Payments made in person, by phone, via E-Check or through any other city systems were not affected.
In a letter to customers, St. Petersburg officials say the Click2Gov vendor told the city of the issue on Sept. 27. The system was shut down, rebuilt, secured and back online by 1:30 p.m. the next day.
"[The 28,000 people] are the ones who are at risk," City Spokesman Benjamin Kirby said. "It doesn't mean every single person has had their card hacked."
The city has not heard of any of its residents having an issue with their accounts so far, Kirby added.
Several security updates were applied to the Click2Gov software this year, however, none of them closed the apparent breach.
"The City is currently investigating why these steps did not prevent the installation of the malicious software that led to the breach of the credit card processing functionality on Click2Gov," the letter to residents reads.
People are advised to keep a close watch on their accounts for any suspicious activity and check with each of the credit reporting agencies, including Equifax, Experian and TransUnion, for their latest reports. Annualcreditreport.com is a free service that provides each credit report each year.
If there is a suspected case of identity theft, file a police report with local law enforcement. In St. Petersburg, residents are asked to call police at 727-893-7780 or file a report online.
►Make it easy to keep up-to-date with more stories like this. Download the 10News app now.