Researchers from Gemini Advisory have observed the second wave of Click2Gov breaches in August 2019, that have hit 8 cities in 5 states, compromising over 20,000 payment card records.
The compromised 20,000 records have been available for sale on the dark web.
What do we know so far?
During 2017 and 2018, attackers breached Click2Gov portals belonging to dozens of cities across the United States and Canada. This attack resulted in the compromise of over 300,000 payment card records.
Impact of latest breaches
Out of the eight impacted cities in the last breach, the Click2Gov portals of six had already been compromised in the initial breach. This indicates that although the impacted cities patched their systems, the portal remains vulnerable.
“The second wave of Click2Gov breaches indicates that despite patched systems, the portal remains vulnerable. It is thus incumbent upon organizations to regularly monitor their systems for potential compromises in addition to keeping up to date on patches,” Gemini Advisory said.
CentralSquare Technologies, the company that owns the Click2Gov payment portal told that it has launched a forensic investigation on the incident and is working with its customers to fix the issue.
“We have recently received reports that some consumer credit card data may have been accessed by unauthorized or malicious actors on our customers’ servers. It is important to note that these security issues have taken place only in certain towns and cities. We have immediately conducted an extensive forensic analysis and contacted each and every customer that uses this specific software, and are working diligently with them to keep their systems updated and protected,” CentralSquare Technologies told Databreaches.net.