Attackers breached Click2Gov payment portals in 8 cities compromising over 20,000 payment card records

• Researchers have observed the second wave of Click2Gov breaches that have hit 8 cities in 5 states, compromising over 20,000 payment card records.
• The impacted cities include Deerfield Beach, Palm Bay, Milton, and Coral Springs in Florida, Bakersfield in California, Pocatello in Idaho, Broken Arrow in Oklahoma, and Ames in Iowa.

What’s new?

Researchers from Gemini Advisory have observed the second wave of Click2Gov breaches in August 2019, that have hit 8 cities in 5 states, compromising over 20,000 payment card records.

The compromised 20,000 records have been available for sale on the dark web.

What do we know so far?

During 2017 and 2018, attackers breached Click2Gov portals belonging to dozens of cities across the United States and Canada. This attack resulted in the compromise of over 300,000 payment card records.

Impact of latest breaches

Out of the eight impacted cities in the last breach, the Click2Gov portals of six had already been compromised in the initial breach. This indicates that although the impacted cities patched their systems, the portal remains vulnerable.

• The impacted cities include Deerfield Beach, Palm Bay, Milton, and Coral Springs in Florida, Bakersfield in California, Pocatello in Idaho, Broken Arrow in Oklahoma, and Ames in Iowa.
• Out of these, Deerfield Beach, Palm Bay, Milton, Coral Springs, Bakersfield, and Ames have already been breached in the initial attack.

“The second wave of Click2Gov breaches indicates that despite patched systems, the portal remains vulnerable. It is thus incumbent upon organizations to regularly monitor their systems for potential compromises in addition to keeping up to date on patches,” Gemini Advisory said.

The Response

CentralSquare Technologies, the company that owns the Click2Gov payment portal told that it has launched a forensic investigation on the incident and is working with its customers to fix the issue.

“We have recently received reports that some consumer credit card data may have been accessed by unauthorized or malicious actors on our customers’ servers. It is important to note that these security issues have taken place only in certain towns and cities. We have immediately conducted an extensive forensic analysis and contacted each and every customer that uses this specific software, and are working diligently with them to keep their systems updated and protected,” CentralSquare Technologies told Databreaches.net.