[BreachExchange] Click2Gov breach threatens credit card data of Hanover County residents

Destry Winant destry at riskbasedsecurity.com
Wed Jan 16 23:51:18 EST 2019


https://www.scmagazine.com/home/security-news/click2gov-breach-threatens-credit-card-data-of-hanover-county-residents/

A data breach of an third-party online payment system has compromised
the personal information of Hanover County, Virginia, residents.

In an official online notification, county officials have disclosed
that an unauthorized party stole credit card information processed by
the Click2Gov payment portal between Aug. 1, 2018 and Jan. 9, 2019.
Exposed information includes customer names, credit card numbers and
expiration dates.

A product of CentralSquare Technologies, Click2Gov is a portal used by
government entities to accept payments for permits, licenses, fines
and utilities.

In response to the incident, the county “isolated the Click2Gov system
from public access to try to find what information had been
compromised and whether the County’s system was still vulnerable,” the
notification states. Additionally, “The county has been working with
MS-ISAC and CERT, outside agencies that deal with information
breaches, to complete a full forensic analysis of what occurred. The
county is also working with the software company and has built a new
Click2Gov server using different software than the program that was
involved in the original breach.”

According to the notification, Hanover County officials first learned
of the breach from Gemini Advisory, a group that monitors Internet
websites for exposed credit card information.

Back in October 2017, software company Superion, which ran Click2Gov
before CentralSquare later acquired it, disclosed a major data breach
that affected tens of thousands of local government customers across
the country. Considering the announced timeline of the Hanover County
breach, the two incidents do not appear to be related in any way.

“Throughout last year and this year, we have diligently kept our
customers informed while working with them to keep their local premise
systems updated and protected,” said CentralSquare Technologies in
comments supplied to SC Media. “It is important to note that these
security issues have taken place only in local on-premise environments
in certain towns and cities. Additionally, our customers have been
contacted directly by email and phone on an ongoing basis. We
continually work with each client to help identify risk, while working
with them to apply the latest patches and updates available for these
systems, including patches for the third-party software that
contributed to the issue..”

“For security and confidentiality reasons, we cannot disclose any
information about our customers, their environments or their security,
nor are we in a position to comment on any investigations,” the
statement continued. “Meanwhile, we continue our efforts in helping
our customers to swiftly resolve this matter.”


More information about the BreachExchange mailing list