The city has sent notices to the 6,500 residents who use the pre-authorized payment system alerting them to check with their banks and credit unions. The breach occurred on July 22.
Once the vulnerability was detected, a patch was applied to prevent further unauthorized access and a replacement computer server was set up to prevent further breaches.
But, users are still being asked to monitor their bank accounts and to change their passwords on the municipal server or any other services that use the same password.
Dean Fortin, mayor of Victoria, says he is unhappy about the breach and frustrated it took 11 days before the software company, Adobe, told the city about it.
"We're tracking that down, because obviously there's a big concern," said Fortin, who said he was upset it took another few days before city staff told him about the breach.
"I am happy to hear our staff immediately patched it, but I am also going to look into why it took so long to get the information."
No one from Adobe has been available to comment.
The city of Victoria is not the only municipality whose software has been compromised.
The cities of of Abbotsford, Maple Ridge and the district of West Vancouver also reported a breach of the Adobe software that allows for pre-authorized payments.