Cyber Incident Victim: City of Midland

The City of Midland, Texas, experienced a data breach in June 2018 resulting from exploitation of a vulnerability in Superion’s Click2Gov software, which facilitated online utility bill payments. Attackers targeted the payment server hosting this application, compromising personal data processed through the system. This incident occurred amid a broader pattern of breaches affecting multiple municipalities, including Oxnard, California (breached May 25, 2018) and Wellington, Florida (breached June 6, 2018). Superion, the software provider, had identified suspicious activity related to Click2Gov on-premise installations as early as 2017 and had proactively notified customers while initiating forensic investigations. The company developed and distributed patches to address the vulnerability, though some clients, including Midland, remained exposed due to unpatched on-premise environments. The breach impacted locally hosted servers running Click2Gov but did not affect systems in Superion’s data centers or cloud infrastructure.

Superion confirmed that attackers exploited a known flaw in the Click2Gov software to infiltrate Midland’s payment system. The company reiterated that properly patched and configured on-premise or hosted networks remained secure, emphasizing it did not control customers’ network environments. Forensic investigators assisted Superion in assessing the breach scope and remediation steps. While Midland’s specific data exposure details were not disclosed, the incident mirrored breaches in other municipalities where payment card and personal information were compromised. Superion collaborated with affected clients to apply security updates and implement corrective measures. The breach underscored persistent threats to local government systems reliant on third-party software with unmitigated vulnerabilities.