Cyber Incident Victim: Hanover County
Date: Aug 2018
Location: United States of America
Summary
A data breach impacting Hanover County residents compromised credit card information processed through the third-party Click2Gov payment portal, exposing customer names, card numbers, and expiration dates. The county isolated the affected system, engaged external cybersecurity agencies for forensic analysis, and rebuilt the server using different software to address vulnerabilities. Officials were alerted to the incident by a firm monitoring exposed payment card data online. The payment portal's provider emphasized ongoing collaboration with clients to apply security updates and patches, particularly for third-party software contributing to the issue, while declining to disclose specific customer environment details.
Description
The Hanover County data breach involved unauthorized access to credit card information processed through the Click2Gov online payment portal between August 1, 2018, and January 9, 2019. Attackers compromised customer names, credit card numbers, and expiration dates submitted by residents for government services including permits, licenses, fines, and utility payments. The breach affected a third-party system operated by CentralSquare Technologies, which had acquired Click2Gov from Superion. County officials first learned of the incident through Gemini Advisory, a cybersecurity firm monitoring underground markets for stolen payment card data. This notification triggered the county's investigation, though the specific intrusion method wasn't disclosed in public statements. The incident timeline indicates it occurred separately from Superion's earlier October 2017 Click2Gov breach that impacted other municipalities.

Hanover County immediately isolated the compromised Click2Gov system from public access to assess vulnerabilities and determine the scope of compromised data. Officials collaborated with the Multi-State Information Sharing and Analysis Center (MS-ISAC) and Computer Emergency Response Team (CERT) to conduct forensic analysis while coordinating with CentralSquare Technologies on remediation. The county constructed a replacement Click2Gov server using different software from that of the breached system. CentralSquare maintained that security issues were limited to local on-premises implementations, not their cloud environments, and stated they had provided ongoing client communications about system updates and patches throughout 2018-2019. The company emphasized working directly with municipalities to apply security fixes, including patches for third-party software vulnerabilities that contributed to the breach, but declined to disclose specific technical details, citing confidentiality and ongoing investigations. No resident-facing mitigation measures or identity protection offerings were described in the notification.
