Threat Update - Click2Gov Victim Identifies Data on Dark Web, Suggests Potential Link to Breach

Created: Thursday, December 19, 2019 - 12:10
Categories:
Cybersecurity

Another city has come forward with information regarding the ongoing vulnerabilities with the online utility payment provider Click2Gov, and this disclosure comes with an added wrinkle. The city of Marietta, GA and the FBI have reason to believe that data found on the dark web is linked to recent online transactions by utility customers. While data is believed to have been stolen from all previously disclosed affected entities (a quick Google search for “Click2Gov breach” yields information on many previous disclosures), this is the first entity to publicly identify potentially related data being offered for sale in the underground cybercrime market. According to reports, only manually entered transactions were at risk of being stolen; the auto pay system presumably did not suffer from the same vulnerabilities.

This incident is a continued reminder of the importance of carefully managing the risks posed by third-party service providers. Members utilizing Click2Gov are highly encouraged to independently assess their systems for potential compromise. Likewise, to help WaterISAC more effectively track the impact of the Click2Gov breach, we encourage any water or wastewater utility (member or non-member) to complete a confidential incident report or contact WaterISAC at analyst@waterisac.org or (866) H20-ISAC. Read the post at Marietta Daily Journal.

Previous (non-exhaustive) reports on Click2Gov can be found on the WaterISAC portal: