Date: 2019-12-12
A cyber security firm has identified more than 2,500 records from Waco illegally posted for sale online after a breach of the city's online billing system for water customers.
This week, the city announced a breach of the Click2Gov payment portal had potentially affected customers who made payments on the system between Aug. 30 and Oct. 14. Names, addresses, credit card numbers, expiration dates and card verification value numbers were left vulnerable, according to a city press release.
Gemini Advisory, which released in-depth reports about Click2Gov data breaches in 2017, 2018 and 2019, found more than 2,500 records from Waco were posted for sale on the dark web.
CentralSquare, the vendor that operates Click2Gov, first alerted the city to a potential breach Nov. 8, prompting a city investigation that is continuing. Dozens of cities have had the same experience, starting with the first wave of attacks in 2017, said Stas Alforov, director of research and development at Gemini.
Alforov said when the first wave of attacks occurred, most of the breached municipalities ran the Click2Gov software on their own servers, rather than paying an additional cost to host the program on a cloud-based server run by the company. CentralSquare, then known as Superion, put out statements urging affected cities to use the cloud instead.
“When we looked at it originally, we identified that it was really the lack of municipalities updating to the latest versions of Click2Gov,” Alforov said. “The (municipalities) didn’t update their software or they weren’t paying as much attention to it. That’s kind of what we were going with for a while. However, the recent set of events … one pattern emerged.”
Alforov said the new wave of attacks started in summer 2019. This time, cities that had been hit in 2017 and last year were breached a second time, along with new victims.
“At this point, they had maintained a very good security posture of keeping all their software up to date,” Alforov said.
According to reports from databreaches.net, the new wave of attacks also includes cities that hosted the software on the cloud-based server.
“In this case, we’re seeing that Click2Gov is really having an issue across the board,” Alforov said. “A lot of the customers are being breached.”
City of Waco spokesman Larry Holze said the city cannot disclose any details about what kind of server was in use when the breach occurred.
“The security of the processes and data used in the collecting of our water customers' payments continues to be a priority, and we can't disclose any information that might foster future invasion of the processes we use,” Holze said. “We continue to work closely with our third party vendor, Click2gov, and feel confident that together we can provide safe processing of our customers' water payments.”
The city is running an assistance line at 833-947-1419 to answer customer questions. The line is open from 8 a.m. to 8 p.m. Monday through Friday. The city also started sending letters this week to customers who may have been caught in the breach.
Alforov said anyone who might have been caught in the breach should check their credit card payment history for odd transactions, especially ones for small amounts of money. He said it is common for criminals to test out stolen credit card information with small transactions before moving to larger ones.