Eight US Cities See Payment Data Card Stolen (Sep 20, 2019)
Gemini Advisory has reported that more than 20,000 payment card records have been harvested from the Click2Gov payment portals of eight U.S. cities. Click2Gov payment portals are used by many U.S. cities to provide residents with a method to pay city bills and utilities online. CentralSquare Technologies, the company that developed Click2Gov, says it has been working closely with customers and investigative resources to resolve the issues and keep systems updated and protected. According to the vendor, the vulnerability in the Click2Gov software has been patched, and the affected cities are attempting to figure out whose data was compromised and send notifications.
Recommendation: The financial information that was disclosed seems to be comprehensive, and victims could have their identity stolen and financial transactions made in their name. Users that believe they have been impacted should monitor their credit cards and bank accounts for unusual activity.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.