The city of Bakersfield said a third-party site used to process payments to the city was breached exposing names, addresses and credit card information.
The city said it began notifying potentially affected customers of the breach Monday. The city said the breach occurred between Aug. 11 and Oct. 1.
According to the city, it began investigating into a possible breach after receiving reports of fraud on cards used in the Click2Gov online payment portal.
Residents use Click2Gov to pay for building permits, business license renewals and utility accounts.
The city found that Click2Gov had been breached and malicious code had been put into the system capturing payment card data like names, card numbers, expiration dates, card security codes, home and email addresses.
The city said it worked with the software vendor to remove the malicious code from the Click2Gov system.
For more information about the breach, visit bakersfieldcity.us/click2govnotice.