- The payment system in dozens of town across the US got hacked by cybercriminals.
- Security research firm confirmed that at least 294,929 payment records have been compromised in 46 U.S cities.
The government payment software Click2Gov was hacked by cybercriminals and the payment details of nearly 300,000 people were stolen. This has affected multiple towns, mid-cities, and cities across the United States.
A security research form confirmed that at least 294,929 payment records have been compromised in almost 46 U.S cities. The criminals have earned approximately $1.7 million by selling the records on the Dark Web for $10 per record.
More details on the attack
Security Research firm Gemini has published a report on 18, December 2018 which explains the details of the hack and how the vulnerabilities in the Click2Gov payment portal has affected multiples towns across the U.S.
The vulnerability in the payment software has allowed the hackers to get into the networks of the payment system and steal the records which included payment details such as debit card and credit card information. The affected towns and cities include Laredo, Texas, Topeco, Saint Petersburg, Florida, California, Ames, Bakersfield, and more.
“Click2Gov has worked with many of the affected towns to patch the software, and that the breaches have arisen in part because of a lack of sophistication on the part of municipal IT workers,” Stas Alforov, Director of Research, Gemini told Fortune.
Alforov confirmed that many of the towns have addressed the vulnerabilities in the Click2Gov payment software, but others have not, which means that the data exfiltration is still ongoing.
CentralSquare technologies, the licensing company that licenses the Click2Gov software did not respond to any comment on the attack.
For the US residents using Click2Gov payment portal, the data breach will not likely result in any financial loss since banks, financial institutions, and the credit card companies typically foot the bill in the case of stolen data. But the attack does mean all of the aggravations that go with identity theft, including the need to replace their credit cards and the possible damage to their credit scores.
“The hackers behind the breaches do not appear to be particularly sophisticated, but that they have nonetheless figured out how to profit from the weak security of local governments,” Alforov said.