The Fort Worth, Texas Water Department is notifying about 3,000 customers that their payment information may have been exposed during a data breach.

The utility reported that payments made between August 27, 2019 and October 23, 2019 were included in the breach and the content exposed included cardholder’s name, credit card billing address, credit card number, card type, credit card security code (CVV) and card expiration date.

The only customers affected were those who entered their payment card information for a specific payment, those who had set up a recurring payment plan were not involved unless they entered a new payment card during the period in question.

The breach occurred at CentralSquare, the vendor the water department uses to interact with the Click2Gov software that powers the H2Online payment system. The malware has been removed from CentralSquare’s system and the utility is continuing its migration away from Click2Gov to the Paymentus system.

Click2Gov itself was hit with a separate data breach in September 2018 that affected many of its municipal customers.