Municipalities Breached from Click2Gov Flaw

Municipalities Breached from Click2Gov Flaw

Another local government has suffered a data breach, and the latest victim is Midland, Texas, where hackers leveraged a vulnerability in Superion’s Click2Gov function in the payment server used to make online payments for utilities. The list of cities affected continues to grow and expands from Florida to California.

That hackers leverage known vulnerabilities in systems in order to gain access to data is no surprise. Malicious hackers have been increasing their attacks on local governments, and they continue to exploit the known vulnerability in Superion’s Click2Gov software, as was the case in Midland.

Earlier this month, Risk Based Security executive vice president Inga Goddjin blogged about the company's investigations into the breaches in Oxnard, California, on 25 May and in Wellington, Florida, on 6 June. The data breaches focused on the online utility bill payment service named as Click2Gov. According to Goddjin, Superion notified Wellington that certain vulnerabilities in Click2Gov might have led to a possible breach of their online utility payment installation.

Superion has issued a patch for the vulnerability that continues to lead to the growing string of breaches, and while Superion can not comment on the environments of their clients, they did affirm that “protecting our customers and their clients’ data is of the utmost importance to Superion,” according to a spokesperson in an email.

“Last year we reported that a limited number of on-premise clients had identified suspicious activity on their servers that are used to host Superion’s Clock2Gov product," the spokesperson said. "Upon learning of the activity, we proactively notified all Click2Gov customers. Additionally, Superion launched an investigation and engaged a forensic investigator to assess what happened and determine appropriate remediation steps.”

Superion has worked to assist many customers with the application of patches in order to update and better secure their networks. “At this time, we have no evidence showing that it is unsafe to make payments utilizing Click2Gov on hosted or secure on-premise networks with recommended patches and configurations. Superion does not control our customers’ networks.”

The breaches have thus far affected only those locally hosted on-premise networks in certain towns and cities, and Superion confirmed that no client in its data centers or in the Superion Cloud has faced these issues, even when they are using the same software product. The company continues to work closely with their customers to resolve and remediate the matter.

Source: Information Security Magazine