Cyber Incident Victim: City of Tyler
Date:
Jun 2018
Location:
United States of America
Summary
A cybersecurity breach impacted the City of Tyler's Click2Gov online payment system, compromising customer payment card details including numbers, security codes, and expiration dates, alongside personal information such as names and addresses. The incident affected individuals who made in-person or one-time online payments for utilities and municipal court services, though phone and kiosk transactions remained secure. The municipality disconnected its payment system from the software provider upon discovery, implemented enhanced security measures, and collaborated with law enforcement during the investigation. Affected customers were notified and advised to monitor financial statements for unauthorized activity while the organization worked to restore secure payment operations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The City of Tyler experienced a security breach involving its Click2Gov online payment system, operated by software provider Superion, which was discovered in August 2018. Unauthorized third parties accessed the system between June 18 and August 21, 2018, compromising payment card data and personal information for customers who made in-person or one-time online payments for municipal utilities and court fines. The compromised data included credit card numbers, security codes, expiration dates, full names, addresses, and ZIP codes. Payments processed through 24-hour kiosks or telephone IVR systems remained unaffected. City officials were notified of the breach by Superion and immediately severed their payment connection to the vendor while launching an investigation to determine the scope of compromised customer accounts.
Upon confirming the breach, the City implemented additional security measures to prevent future attacks and restored the online payment system after securing it. Municipal authorities collaborated with law enforcement agencies to address the incident and initiated customer notification procedures to identify and contact affected individuals. The City advised impacted customers to review credit card statements for unauthorized charges, request new payment cards from issuers, place fraud alerts with major credit bureaus (Equifax, Experian, and TransUnion), and file reports with IdentityTheft.gov or IC3.gov. No evidence suggested the breach enabled manipulation of utility billing amounts. The City established a dedicated phone line and email address for customer inquiries regarding the incident while expressing regret for the inconvenience caused.