Cyber Incident Victim: City of Dothan
Date:
Aug 2019
Location:
United States of America
Summary
A cybersecurity incident impacted the City of Dothan's online utility payment system operated by CentralSquare Technologies' Click2Gov software. Attackers compromised the platform using a "screen scraper" technique to steal payment card information and addresses from customers entering data manually during transactions. Individuals using stored payment details were unaffected, while those making one-time payments or new users faced potential exposure. The breach occurred over a multi-week period, affecting residents utilizing the portal, though the discovery timeline and whether the city or its vendor identified the intrusion remain unclear. This event aligns with similar compromises reported across dozens of municipalities relying on the same payment processing application.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The City of Dothan, Alabama, experienced a data breach involving its online utility payment system between August 26 and October 14, 2019. The breach occurred through Click2Gov software provided by third-party processor CentralSquare Technologies, which the city used for handling online payments. Attackers compromised the system using a "screen scraper" process designed to capture payment card information entered by customers during transactions. The breach specifically impacted customers who manually typed their payment details into the portal during the nearly two-month window, including those using one-time payments or new customers setting up accounts. Customers who utilized stored payment information from previous transactions were not affected by this particular incident. The city publicly disclosed the breach in an official statement confirming CentralSquare's software compromise, though neither the city nor CentralSquare clarified whether Dothan discovered the intrusion independently or received notification from the vendor.
CentralSquare Technologies characterized the attack method as involving data extraction through screen scraping techniques targeting live payment transactions. Forensic analysis indicated the breach window spanned approximately seven weeks before being contained on October 14. The city coordinated notification efforts with CentralSquare but did not disclose specific remediation measures taken beyond acknowledging the third-party system compromise. Financial institutions began detecting fraudulent charges on cards used for Dothan utility payments during the exposure period, confirming unauthorized access to payment data. The incident marked Dothan among more than fifty municipalities affected by Click2Gov breaches at the time, though CentralSquare did not clarify whether this incident stemmed from a previously identified vulnerability or a new exploit. Impacted customers were advised to monitor financial statements for suspicious activity following the disclosure.