Click2Gov data breach affected thousands of customers

St. Petersburg announces about the data breach involving the payment proceeding app Click2Gov

Click2Gov payment portal encountered data breachSt. Petersburg city got affected by the data breach of self-service payment software Click2Gov.

According to the recent announcement[1] of the city of St. Petersburg, city's payment app Click2Gov, which was used to help customers pay bills, parking tickets, and make other payments, was affected by the data breach. The incident occurred between August 11 and September 25, 2018, and was found to involve thousands of people. City's officials state that there are 28 000 customers who have been affected when their credit card information was compromised in this data breach.

Click2Gov was immediately shut down to prevent the unauthorized access when the malicious software was found on the server. The vendor informed the city's representatives about the incident on September 27 and the next day the city had a new system configured to go back to normal operation. The spokesman for the mayor of the city said that people who might be at risk are about to receive an email with more information regarding this issue.

Ben Kirby, a mayoral spokesman, also identified those who can feel safe:

If they don’t get information from us regarding this issue in the next several days, their information is safe.

This data breach affected people who used the online system for payments by credit card between August 11 and September 25, 2018. Other ones, who have made those payments using phone system, E-check or a different system should feel safe. Security patches[2] have been applied, and there might be additional analysis to make sure that the system is vulnerability-free:

The City of St. Petersburg takes protection of our data systems very seriously and constantly patches all our systems so that risks to our customer data can be minimized.

Not the first incident involving Click2Gov this year

At least eighteen cities of the United States have been involved in the data breach regarding Click2Gov payment proceeding application this year. In May, the company located in the city of Oxnard and relying on Click2Gov as the payment platform was warned about the breach. Additionally, breaches were found in three other municipalities. During these incidents, hackers managed to take over people's payment card information.

According to various analysis[3] and reports,[4] Click2Gov payment platform has been continuously reported as unsafe. Unfortunately, all incidents have in common one unpleasant fact – during each of these cases people's credit card numbers, verification codes, dates of expiration and personal information were stolen. Financial corporates and state organizations have become serious targets by malicious actors[5] during the recent years.

About the author
Lucia Danes
Lucia Danes - Virus researcher

Lucia is a News Editor for 2spyware. She has a long experience working in malware and technology fields.

Contact Lucia Danes
About the company Esolutions