City of Norman, OK temporarily suspends utility payment portal; ditches Click2Gov after another potential security incident
The City of Norman, Oklahoma has suspended its online portal for paying utility bills after they were notified of a potential security incident involving Click2Gov software by CentralSquare Technologies.
At this point, the city seems to have had enough with Click2Gov security issues. In June 2018, the city reported that about 2,300 residents may have been impacted by a breach involving Click2Gov. The city is currently in the process of switching over to another payment processor.
Norman is not the only city to have had two breaches involving Click2Gov. Other 2x victims were previously reported here.
The city issued the following press release:
All online payments for City of Norman utility services and permitting fees are suspended through November 12 while the City makes an emergency transfer to a new payment processor. Payments may be made in person at 201-C W. Gray St., by mail at the same address or by calling 405-366-5320 for Utility payments or 405-366-5339 for permitting and licensing fees.
The City was made aware of a potential security event this week involving Click2Gov, a third-party payment software system that processes some payments on behalf of the City. As a precaution, the City has taken down the Click2Gov payment servers and is in the process of implementing a new online payment solution through Paymentus. The new software is anticipated to be online by November 12.
The City of Norman takes cyber-security and the public’s data very seriously. The City works on a daily basis to ensure its online systems are secure to the highest extent possible, and the safeguarding of its citizen’s financial information is the City’s highest priority. The City is currently working with CentralSquare, the parent company of Click2Gov, and other third-party experts to determine the scope of the security event.
An investigation into the event at Click2Gov by the Federal Bureau of Investigation is ongoing. Once the investigation is complete, all potentially impacted parties will be notified as required by the law.
Previous coverage of Click2Gov breaches is linked from here.