
Cyber Incident Victim: Click2Gov

Date: Dec 2018

Location: United States of America

Summary

Hackers exploited vulnerabilities in widely used government payment software, Click2Gov, to steal payment card data from citizens processing municipal transactions such as fines, taxes, and permits. The breach impacted 46 U.S. municipalities, compromising nearly 300,000 payment records, with stolen data sold on the dark web generating approximately $1.7 million in criminal profits. Attackers leveraged weak security measures in local government systems rather than sophisticated techniques, leading to ongoing risks of identity theft, card replacement burdens, and potential credit score damage for affected individuals, though financial institutions typically absorbed direct monetary losses.


Description

The Click2Gov incident involved cybercriminals exploiting vulnerabilities in municipal payment software to steal payment card data from citizens across multiple U.S. cities. Security researchers first identified vulnerabilities in the Click2Gov platform, widely used by local governments for processing online payments for fines, taxes, and permits, in 2017. By December 2018, cybersecurity firm Gemini Advisory confirmed that attackers had compromised payment systems in at least 46 municipalities, including Oceanside, California and Sarasota, Florida. Hackers infiltrated the payment networks to intercept credit and debit card information during transactions, harvesting 294,929 payment records. The stolen data was subsequently sold on dark web marketplaces, generating approximately $1.7 million in criminal proceeds. FireEye, another cybersecurity firm, had previously validated that these attacks represented a nationwide security issue affecting numerous local government portals. The attackers demonstrated moderate technical sophistication but successfully capitalized on inadequate security measures maintained by municipal operators of the Click2Gov system.

The breach exposed affected citizens to significant identity theft risks, including unauthorized card charges, forced card replacements, and potential credit score damage. Financial institutions typically absorbed direct monetary losses through fraud protection programs, though impacted individuals faced administrative burdens and personal security concerns. Gemini Advisory's December 2018 report revealed that while many municipalities had patched the vulnerabilities following initial reports in 2017, some local governments failed to implement necessary security updates, allowing continued data theft operations. The incident highlighted systemic security weaknesses in local government IT infrastructure, particularly regarding third-party payment processing systems. No coordinated federal response or software recall was mentioned in available reports, leaving individual municipalities responsible for vulnerability remediation. The scale of compromised records indicated sustained unauthorized access to payment systems over an extended period prior to detection and public disclosure.
