Potential data breach found on Charlottesville tax collections

CHARLOTTESVILLE, V.A. (WVIR) - The city of Charlottesville is investigating the possibility of a data breach.

The city says a security flaw was found on a third party vendor’s online payment software for city tax collections. That payment portal is used by other localities.

When the issue was found on Friday, the software was immediately disabled and the city switched to an alternate secure service, which is still in use. Charlottesville is digging into the nature of the security flaw and will notify customers of the results and impacts.

The city dealt with a separate cyber security breach that compromised utility customer information earlier this year.

Statement from Charlottesville Director of Communications Brian Wheeler:

A security flaw was discovered Friday in a vendor’s online payment transaction software. The City of Charlottesville’s Treasurer Office uses the third-party software for real estate and personal property tax payments collected via the City’s website. This third-party payment portal is used by other Virginia government localities.

Upon discovery, the City immediately disabled the software and alerted the responsible vendor. By early afternoon Friday, an alternate and secure payment service was activated and remains in service. The City is conducting additional research about the exact nature of the security flaw. We take matters related to securing our computer systems and the confidential information of our employees, residents, and customers very seriously. While in this case it was third-party software, the City will work to ensure that our customers are appropriately notified of the results of this investigation.