Almost four dozen Click2Gov breaches later and almost 300,000 affected; data showing up on dark web – report
Jeff John Roberts reports on a new report and analysis by Gemini Advisory:
Paying parking tickets or municipal water taxes is never fun—and it’s even worse when hackers have compromised your town’s payment system. Yet, that’s what happened in dozens of towns across the U.S. where cyber crooks have made off with the personal data of nearly 300,000 people.
Security research firm Gemini Advisory published a report Tuesday that provides new details on how vulnerabilities in Click2Gov, a widely used type of government payment software, have affected towns from Oceanside, Calif. to Sarasota, Fla.
The report partially addresses one of the questions I have repeatedly asked in my posts about these breaches. As to why this continues to happen, Gemini reports:
According to CentralSquare Technologies, the initial vulnerability which was identified in 2017 had been successfully mitigated, with all users being advised to deploy the software patch as soon as possible. However, it appears that the attackers uncovered another undetected vulnerability, which has yet to be patched.