Cyber Incident Victim: City of Saint John

On December 22, 2018, the City of Saint John discovered a data breach in its online parking ticket payment system, prompting immediate shutdown of the platform. The breach potentially exposed customer names, addresses, and credit card information processed through the Click2Gov software provided by third-party vendor CentralSquare Technologies. Mayor Don Darling confirmed the city issued a public notice the same afternoon the breach was identified, emphasizing the non-negotiable importance of citizen privacy and payment security. The breach originated from an unknown external party exploiting vulnerabilities in CentralSquare's Click2Gov application, which served multiple municipalities across North America. City officials expressed frustration that CentralSquare Technologies failed to directly notify them about the security compromise, with Saint John learning of the incident through media reports documenting similar breaches in other jurisdictions using the same software.

Mayor Darling characterized CentralSquare's failure to disclose the breach as potentially violating their service agreement, describing the omission as "serious and neglectful." The city directed affected customers to monitor their financial accounts for unauthorized transactions and contact their banking institutions if suspicious activity occurred, while advising potential identity theft victims to report to police. No specific timeframe for the breach's duration or exact number of impacted Saint John residents was disclosed in the public statement. The incident prompted internal reviews of data protection protocols and third-party vendor notification obligations, though the city confirmed no additional systems beyond the parking ticket portal were compromised. Saint John formally apologized for the inconvenience while maintaining its commitment to data security, though restoration timelines for the payment platform remained unclear at the time of reporting.