Another Data breach incident; Click2Gov’s 300 000 users get affected

Click2Gov was found to be dealing with yet another data breach. This time, cybersecurity experts’ team called Gemini revealed this as a result of the headlines that payment system got hacked in various U.S cities.

Around 46 cities felt the consequences of this attack. Among them, the widely affected cities are:

  • Texas;
  • Saint Petersburg;
  • Florida;
  • California;
  • Laredo;
  • Topeco

Vulnerabilities in the Click2Gov payment software caused the data theft

Click2Gov is a widely used payment technology that offers up-to-date, online views of customer utility accounts, and provides several convenient payment options. Around 294,929 users’ payment records get stolen by this attack. According to the report, the cyber criminals behind this attack have been selling the records on the Dark Web for $10 each. At present, they managed to earn a surprising amount of around $1.7 million.

The cyber criminals gained the debit and credit card credentials, usernames, surnames and passwords. The vulnerability in the payment software made them succeed in their plan. Due to the vulnerability, they gained to access to Click2Gov’s servers that contain all important credential. According to unknown sources, the credential information might be misused in the future for launching bot attacks. The main purpose behind this is to gain access to other accounts on the Internet.

Gemini said;

“Click2Gov has worked with many of the affected towns to patch the software, and that the breaches have arisen in part because of a lack of sophistication on the part of municipal IT workers.”

Data breaches won’t cause money loss

However, the cyber criminals managed to theft credit and debit card credentials, but, this will not cause in any monetary losses for the Click2Gov’s users. This is because; there are specific actions taken whenever important data is stolen. So, what the users need is to take out a new credit card.

Gemini already informed Federal Law Enforcement about the incident

“Gemini Advisory has provided all of the Click2Gov associated breach information to Federal Law Enforcement and is actively working to assist them in further investigation. Furthermore, we have contacted Superion, now known as CentralSquare technologies, and have shared our findings, including the list of affected cities, in order to assist them in victim notification.”

Federal Law Enforcement has handled most law enforcement duties at the federal level. And, a CentralSquare technology is that organization which gives license to the Click2Gov software. The cybersecurity team, the Gemini claimed that they give all the details about the incident to the both, and are hoping that all things will be taken care of properly very soon.