St. Pete data breach exposes more than 28,000 credit, debit cards

ST. PETERSBURG — The credit and debit card information of more than 28,000 people was exposed because of a six-week-long data breach of the city's website, St. Petersburg officials announced Tuesday.

The city uses Click2Gov, a third-party vendor that allows users to pay utility bills, parking tickets, business license fees, building permit fees and civil citations online. Between Aug. 11 and Sept. 25, according to a letter the city is sending to affected customers, malware left anyone paying their bills via the internet portal susceptible to having their credit or debit card information compromised.

Those who are at risk will receive an email or letter from the city with more information, said mayoral spokesman Ben Kirby.

"If they don't get information from us regarding this issue in the next several days, their information is safe," Kirby said.

St. Petersburg and the vendor had replaced the affected system by Friday afternoon.

"The city takes protection of its data systems very seriously," reads the letter sent to those affected. The letter notes that the breach occurred even though security patches were installed in January, April, May and August and the system was tested to ensure the data was protected.

"The city is currently investigating why these steps did not prevent the installation of the malicious software that led to the breach of the credit card processing functionality on Click2Gov," the letter said.

The information accessed was located on a city server. The breach does not appear to affect other governments that use Click2Gov.

St. Petersburg did not go so far as to encourage those who used the site from Aug. 11 to Sept. 25 to cancel their cards, but is instead encouraging them to monitor their bank accounts and consider ordering a free credit report.

Contact Zachary T. Sampson at zsampson@tampabay.com or (727) 893-8804. Follow @ZackSampson.