The City of Waco is warning residents of a security issue that left water customer information vulnerable over the holidays, city officials announced Wednesday.
Information on about 2,500 credit card and debit card payments made on the city’s online system between Dec. 24 and Jan. 4 “was not properly protected by encryption,” according to a city press release.
The city has not found any indication the vulnerable information was accessed for improper or illegal use, and the information has since been secured, according to the press release. All payments were properly credited to accounts.
“There is no indication that the files in question were subject to improper use by an outside party or utilized for any illegal activity,” Information Technology director James Brown said in the press release. “Based on our investigation to date, it appears that the unencrypted files were stored on the city’s server, but there is no indication at this time that the information was accessed or utilized by any unauthorized individuals.”
Customers whose credit or debit card information was left vulnerable have been notified with a letter from the city. City spokesman Larry Holze said no one has notified the city of unauthorized activity on their accounts.
Holze said the city is working with outside security experts to conduct an investigation into the issue. He encouraged customers to check their debit and credit card statements for any unauthorized charges and to report any issues to their financial institution and to the City of Waco Water Office at 299-2489.