A cyber breach of a popular self-service payment program for private companies, banks and local governments has compromised the personal data of nearly 300,000 people in 46 U.S. cities, according to security research firm Gemini Advisory. In all, there were 20 reported instances of Click2Gov breaches, resulting in 111,860 payment cards compromised and earning the culprits an estimated $1.7 million on the dark web.
“During routine monitoring of the underground marketplaces that specialize in the sale of compromised payment card data, we noticed an out-of-pattern concentration of victims located in small-to-medium U.S. cities,” according to the report. “Despite Superion’s efforts to address the vulnerability in Click2Gov software, Saint Petersburg, Florida, Bakersfield, California, and Ames, Iowa, all reported online utility payment breaches on October 2, 2018, November 14, 2018, and December 2, respectively. All three reports claimed that the point of compromise was the Click2Gov software.”
The source of the breach is not yet known.