The city uses a third-party software product to process payments for several city services. Between Aug. 11 and Sept. 25, malicious software was on the payment server, making it susceptible to unauthorized access.