Payment card thieves hack Click2Gov bill paying portals in 8 cities

by
Dan Goodin
from Ars Technica - All content on (#4QSCN)
payment-cards.jpg

Enlarge (credit: Mighty Travels / Flickr)

In 2017 and 2018, hackers compromised systems running the Click2Gov self-service bill-payment portal in dozens of cities across the United States, a feat that compromised 300,000 payment cards and generated nearly $2 million of revenue. Now, Click2Gov systems have been hit by a second wave of attacks that's dumping tens of thousands of records onto the Dark Web, researchers said on Thursday.

The new round of attacks began in August and have so far hit systems in eight cities, six of which were compromised in the previous episode, researchers with security firm Gemini Advisory said in a post. Many of the hacked portals were running fully up-to-date systems, which raises questions about precisely how the attackers were able to breach them. Click2Gov is used by utilities, municipalities, and community-development organizations to pay bills and parking tickets as well as make other kinds of transactions.

"The second wave of Click2Gov breaches indicates that despite patched systems, the portal remains vulnerable," Gemini Advisory researchers Stas Alforov and Christopher Thomas wrote. "It is thus incumbent upon organizations to regularly monitor their systems for potential compromises in addition to keeping up to date on patches.

Read 6 remaining paragraphs | Comments

index?i=0EZBpa-HeGo:EnQ_krYOw7M:V_sGLiPB index?i=0EZBpa-HeGo:EnQ_krYOw7M:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments