CentralSquare, on behalf of the city of Dothan, is sending notices to Dothan Utilities customers whose data may have been affected by an incident that put their personal data at risk.
The “Notice of Data Privacy Incident” letter explain what happened, including the list of personal information that might have been subject to unauthorized access. The letter also explains what CentralSquare has done to ensure that further information does not become compromised, and addresses what steps the city has taken to ensure cybersecurity within its portion of the online utility payment system.
These letters were mailed Jan. 9 and 10.
On Dec. 4, 2019, CentralSquare confirmed that the time period in which the payment transactions may have been affected is Aug. 26 through Oct. 26, 2019. The city contracted with the law firm of Mullen Coughlin LLC in 2019 to assist with CentralSquare’s Click-2-Gov cyber incident.
“The city of Dothan takes the confidentiality, privacy and security of personal information very seriously and has strict security measures in place to protect information in our care,” a news release stated.
The city worked with third-party forensic investigators to conduct an independent analysis of the Click-2-Gov’s application server, confirming that payment card information entered in the reported date range could have been affected.
The city also stated it took steps to confirm and further strengthen the security of its systems, and it is reviewing its security policies and procedures as part of its ongoing commitment to information security and is working with law enforcement and notified relevant regulators.
CentralSquare has set up a call center that Dothan Utility customers can contact if they have questions. Twelve months of free credit monitoring service also is being offered by CentralSquare to customers who may have been affected.
The city will release additional information as it becomes available.