When a government body creates a self – service payment system for everything from bills of services to licenses and fines, you would expect convenience to be linked to adequate financial data security.
This is not necessarily the case with Click2Gov, a payment portal system that is used by many small and large US cities.
Developed by Central Square, formerly known as Superion, it was rumored last year that a data breach could have occurred to the local government portal service.
It was suggested that the new malware strains, Firealarm and Spotlight, could parse logs and extract payment details for payment card data.
The security research firm Gemini Advisory has now published a report examining the after-effects of the attack, in which it is estimated that 294,929 payment records in at least 46 cities in the US and one in Canada have been compromised.
The findings indicate that less than 50% of cities that have lost customer data are aware of or have publicly disclosed data breaches at their sites.
On Tuesday, the company said that the actors of the threat earned at least $ 1.7 million by selling this information on the Dark Web.
Meanwhile, Central Square is still trying to determine how the attacks occurred-and potentially portals are still at risk. In June, the company deployed a patch to resolve the original vulnerabilities that hackers used to infiltrate Click2Gov, but advised Gemini Advisory that “the system remains vulnerable for an unknown reason.” However, the company added that the affected systems were all hosted locally, while the Click2Gov cloud – based software did not. Local systems therefore appear to have security issues to be addressed. In the last three months, Saint Petersburg, Florida, Bakersfield, California and Ames, Iowa, all reported data breaches of the utility payment portal.
Payment data from these portals has been found to be sold on the web.
“We have definitively confirmed in our analysis of all 20 reported Click2Gov breaches that a total of at least 111,860 payment cards have been compromised, ” says Gemini Advisory.” The stolen payment cards were also uploaded for sale in each case; either during the infringement or immediately after the infringement was identified and reported, at an average price of $ 10 per card.
“Two hackers were tracked through their wares, both of which the cyber security company believes are probably part of the criminal ring that led to the widespread attacks.
Gemini’s Research Director, Stas Alforov, told Fortune that Click2Gov is working with local authorities to solve the security problems that still exist, and data robbery is partly due to ” lack of sophistication on the part of municipal IT personnel.”