[BreachExchange] Sugar Land payment system data breach among a wave of Click2Gov attacks

Destry Winant destry at riskbasedsecurity.com
Mon Dec 16 10:17:21 EST 2019


The City of Sugar Land joined dozens of other cities that learned that
Click2Gov, the online payment system used by the city, experienced a
data breach involving residents making one-time credit card payments
where the citizen manually typed in their credit card information to
the online payment system. Similar data breaches have affected other
cities across the state and nationwide.

“We continue to work with local and Federal authorities, as well as
forensic specialists, and will notify any customers who were impacted
after the investigation has been completed,” said Assistant City
Manager Chris Steubing in a press release. “So far, we know that
customers who used recurring credit card payments are not impacted
unless they entered new credit card information. Those customers who
paid by phone or in person are not at risk.”

The city was notified on October 25th by CentralSquare that there may
be a minor issue with the payment processing system. The magnitude of
the breach wasn’t known until Dec. 12.

City officials say customers who paid their bills for a service
through the “One-Time Payment” method should closely monitor credit

City officials say the data breach remains the focus of an ongoing
comprehensive investigation including all payment options and any
affected customers will be notified following the investigation’s
conclusion. The city is already in the process of initiating a new
payment system in 2020, and more detail will be shared as the schedule
is confirmed.

“It is our goal to ensure the safety and integrity of online
transactions and implement new strategies to address anything
uncovered in this investigation,” said Steubing. “We remain committed
to making sure Sugar Land remains safer than ever before.”

Alternative payments may always be made by phone at 281-275-2750, by
mail to: P.O. Box 5029, Sugar Land, Texas, 77487, in person at 2700
Town Center Blvd. North; or via a drop box. For more information visit

More information about the BreachExchange mailing list