According to story on KBTX, there has been a security breach in the online payment system for CS utilities. Of course, they don't know yet who or what has been affected. The whole system is turned off while they investigate. Once they figure it out, they will notify customers BY PHONE to let them know. Since I have no idea what phone number is in an account that was set up many years ago, it's a crap shoot whether they can contact me or not since we dropped our land line somewhere along the way. I guess I'll play it safe and contact my bank for a new card. As of right now there's no more info on the cstx page than in the kbtx story.

kbtxstory

Quote:

---

Since I am set up on autopay, I will be curious as to how they handle payments going forward, and if I will need to send a check or not.

---

According to their website, Autopay is NOT functioning and you have to pay another way.

Someone correct me if I am not seeing that correctly.

https://click2gov.cstx.gov/Click2GovCX/index.html

Thanks for posting this.

Coworker was told no issues with autopay

quirkyaggie said:

---

I paid my bill over the phone with a representative and afterward my card was compromised. I had $1100 charges at a Best Buy in Michigan, charges in Dubai, a charge for a AAA membership in California and another charge in Arizona.

So, while they say that it's just the 3rd party payment platform it is not. I reported my case to the investigators.

---

yes this is also what I would tell my SO if I was partying it up with the sultans in UAE.

Maybe a coincidence but had my card compromised a little over a week ago. Both places online and bank declined them luckily.

ChampsAg said:

---

Coworker was told no issues with autopay

---

I spoke to customer service today myself and they told me autopay was not working, even though my payment posted on Friday.

Was told yesterday that autopay would work since I had it set up with a routing number. I called because I wanted to make sure that it wasn't going to autodraft after I paid it manually. Payment due yesterday...still hasn't drafted. I sure hope I don't get charged the late fee.

My card was used to buy two American girl dolls about a week ago. I'm guessing this is the source of the problem. Either that or my 6 and 7yo are going to be pissed when their order doesn't arrive.

Slocum on a mobile said:

---

Quote:

---

I paid my bill over the phone with a representative and afterward my card was compromised. I had $1100 charges at a Best Buy in Michigan, charges in Dubai, a charge for a AAA membership in California and another charge in Arizona.

So, while they say that it's just the 3rd party payment platform it is not. I reported my case to the investigators.

---

I do not trust *any* business in the greater B/CS are to save my credit card information, and this is exactly why. I have worked in IT in this town, and the bar is pretty low.

Let's take a look at some of the local entities that have been compromised:
A large local hospital - had my daughter's info stolen in that one.
A local fast food place
A local CPA firm - that I happened to be a client of at the time.
now, CS Utilities.

These are just the ones I know about. They all say they will sign you up for free credit monitoring - I have my own thank you. I personally believe that the fines and penalties for having your database compromised should be a stiff deterrent.

Yes, it's expensive to have an Intrusion Detection System, a Web Application Firewall, and regular penetration testing. I realize this. I sell one of those three.

I think it's crappy that CoCS is blaming the "third party". That should not absolve them of all blame.

---

If Home Depot and Target can be compromised, these other places can be as well.

I work in IT and have some knowledge about the compliance requirements for taking credit card payments online, at a pay station, or in person.

I'll be very interested to know where/how the breach happened (If that info is shared with the public). Even using a 3rd party payment processor, there are some rigorous compliance requirements CoCS has to follow for PCI DSS to be able to take online payments. That includes firewalls and yearly penetration testing.

Someone with more free time than me, should make a FoIA request of the last 3 years of PCI DSS self-assessment questionnaires (SAQ), penetration testing results, and any remediations identified and completion status of said remediations. I assume they have to submit a SAQ D.

It's a black eye for the city, but the odds are it was a breach of the 3rd party and beyond the control of CoCS. That's just my educated opinion. I won't rule out that it was the fault of the city, but it seems unlikely knowing the requirements a business must follow to be able to accept CC payments.

I paid CSU online with my credit card. Within 3 days, charges showed up from a college bookstore in California and at a baby clothes store. The charges totaled over $500. The bank took care of it right away and was helpful. I follow my online banking closely and noticed the transactions when they were pending and not yet posted. At then time, I wasn't sure how someone got my card info. I only used it to pay CSU. It all makes sense now.

Had two cards stolen on the same day to the tune of a few thousand bucks, right before having to travel with hotels booked on the cancelled card.

Exactly how I wanted to start the week.

I was on auto-pay. Then paid with the automated phone system with the number they provided in the notice. No issues, no irregular charges.

Disappointing to hear that some had fraud charges after calling and paying through a representative. Something's not right there...

ChampsAg said:

---

Coworker was told no issues with autopay

---

I have autopay and they sent me an email telling me to pay another way (phone, in person, etc).