Municipalities Breached from Click2Gov

June 30, 2018

 

One more local government has experienced a data breach, and the latest sufferer is Midland, Texas, where hackers leveraged a weakness in Superion’s Click2Gov job in the payment server utilized to make online payments for services. The list of towns affected carries on to increase and grows from Florida to California.

That hacker’s leverage known weaknesses in systems to gain access to data is no wonder. Malevolent hackers have been rising their attacks on local governments, and they carry on to abuse the known weakness in Superion’s Click2Gov software, as was the situation in Midland.

Earlier this month, Risk-Based Safety executive vice president Inga Goddjin blogged about the company’s probes into the breaches in Oxnard, California, on 25 May and in Wellington, Florida, on 6 June. The data breaches concentrated on the online utility bill payment facility named as Click2Gov. As per Goddjin, Superion informed Wellington that specific weaknesses in Click2Gov might have resulted in a probable breach of their online utility payment installation.

Superion has released a patch for the weakness that carries on to result in the increasing string of breaches, and while Superion cannot comment on the settings of their customers, they did confirm that “safeguarding our customers and their clients’ data is of the highest significance to Superion,” as per a representative in an electronic mail.

“Previous year we informed that a restricted number of on-premise customers had found doubtful activity on their servers that are utilized to host Superion’s Clock2Gov creation,” the representative said. “Upon knowing of the action, we proactively informed all Click2Gov clients. Moreover, Superion started an investigation and hired a forensic investigator to evaluate what occurred and decide proper remediation measures.”

Superion has worked to help a lot of clients with the use of patches to modernize and better safeguard their networks. “At this time, we have no proof demonstrating that it is insecure to make payments using Click2Gov on hosted or safe on-premise networks with suggested patches and formations. Superion doesn’t manage our clients’ networks.”

The breaches have so far affected just those locally hosted on-premise networks in specific cities and towns, and Superion verified that no customer in its data centers or in the Superion Cloud has confronted these problems, even when they are using the same software product. The business carries on to work closely with their clients to settle and remediate the problem.