[BreachExchange] City of Bakersfield announces data breach from hacked Click2Gov system
Destry Winant
destry at riskbasedsecurity.com
Wed Nov 14 03:00:01 EST 2018
https://www.bakersfield.com/news/city-of-bakersfield-announces-data-breach-from-hacked-click-gov/article_753d61ba-e6d3-11e8-a527-8316ecef574f.html
The city of Bakersfield has reported that a “cyber-security incident”
may have compromised the personal and financial information of those
who used the city’s Click2Gov online payment processor.
In a news release sent this afternoon, the city said it was notified
that payment cards used legitimately through Click2Gov were later
detected to have been used in fraudulent activity.
“Safeguarding financial information is the city’s highest priority.
The city takes cyber-security very seriously and works daily to ensure
all online systems are secured to the highest extent possible,” the
city said in a statement.
The city investigated the initial report and discovered an
unauthorized party had inserted a code into the Click2Gov system,
which was developed by the third-party vendor CentralSquare
Technologies and used by the city to process payments for building
permits, utility bills and other activities.
The city said the code was designed to capture payment card data and
other information entered through Click2Gov between Aug. 11 and Oct.
1.
A total of 2,400 user accounts may have been affected, the city said
in its statement.
The information taken includes name, address, email address, payment
card number, expiration date and security code.
The city has since removed the code from the Click2Gov system.
“The city regrets any inconvenience or concern this incident may have
caused,” the city’s statement read.
Other municipalities appear to have also experienced similar data breaches.
News organizations have reported on Click2Gov hacks that took place
during the past year in Tyler, Texas, St. Petersburg, Florida, and
Oxnard, among others.
The city has sent letters have to those potentially effected by the
breach. The letters include further steps individuals can take to
protect their information online.
The city has also implemented enhanced security measures to protect
data, and has notified regulatory and law enforcement bodies across
multiple jurisdictions.
More information can be found at www.bakersfieldcity.us/click2govnotice.
Those with receive a notice from the city and have more questions may
call 888-278-8028.
More information about the BreachExchange
mailing list