Many cities in the United States utilize a self-pay portal for residents to pay bills online, known as Click2Gov. Click2Gov was compromised in 2017 and 2018, when hackers were able to access over 300,000 payment cards and reportedly made more than $2 million in the heist.

It is being reported this week by security researchers that starting sometime in August, Click2Gov systems have been attacked again, compromising the systems in eight cities so far. Six of those cities – Deerfield Beach, Florida, Palm Bay, Florida, Milton, Florida, Bakersfield, California, Coral Springs, Florida, and Ames, Iowa – also were hit in the previous attack.

According to the researchers, over 20,000 records have been compromised in the new attack, and credit card information attained from the attack is being sold on online crime forums. The researchers say that not only is the credit card information of the residents in the listed cities and states compromised, but also that payment cards belonging to individuals living in all 50 states may have been compromised in the attack.

Security experts are recommending that individuals who have paid any bills through Click2Gov check their payment card statements closely to detect any fraudulent transactions.