Since August, 20,000 payment card records have been compromised in a new wave of hacks against the US bill-pay portal Click2Gov.
This is the second series of cyber attacks to affect the self-service bill-pay portal for utilities, community development and parking tickets in two years. The previous wave begun in December 2018 and affected over 300,000 records.
Cybersecurity firm Gemini Advisory researchers Stas Alforov and Christopher Thomas revealed the new hack in a post. They wrote that eight cities across the US have been affected by this second breach so far. Six of those cities were affected in the 2018 wave, which is estimated to have resulted in $1.9m in illicit revenue.
While several of the cities had already patched their digital defences after the first attack, the researchers argue that these portals still remain vulnerable.
Since the second wave of attacks began in August, Gemini Advisory have noted that 20,000 records have been offered on sale across the dark web.
CentralSquare Technologies, the company that markets Click2Gov, has issued a statement, saying, “We have recently received reports that some consumer credit card data may have been accessed by unauthorized or malicious actors on our customers’ servers. It is important to note that these security issues have taken place only in certain towns and cities.
“We have immediately conducted an extensive forensic analysis and contacted each and every customer that uses this specific software, and are working diligently with them to keep their systems updated and protected. At this time, only a small number of customers have reported unauthorized access.”
Copyright © 2018 RegTech Analyst
