Cyber Incident Victim: City of Odessa
Date:
Apr 2020
Location:
United States of America
Summary
The City of Odessa experienced a data breach impacting users of its third-party online payment portal for utility bills, marking the second such incident affecting the system within a year. Unauthorized access compromised the Click2Gov platform during a multi-month period, specifically targeting individuals who made one-time payments through the service. The breach exposed sensitive user data, though the exact scope and nature of the compromised information were not detailed in available reports. This recurrence highlighted ongoing security challenges associated with the third-party payment infrastructure utilized by the municipality.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The City of Odessa experienced a data breach impacting its online utility payment system between mid-April and late June 2020. The incident involved Click2Gov, a third-party web portal software used by the city to process one-time utility bill payments. This marked the second security compromise affecting Odessa's Click2Gov system within a twelve-month period. The breach exclusively targeted customers who utilized the one-time payment functionality, with no evidence suggesting impacts on recurring payment users or other municipal systems. City officials confirmed the intrusion period spanned approximately two and a half months, though the exact date of breach discovery remained unspecified in public reporting.
Security investigations determined unauthorized actors accessed payment information through vulnerabilities in the Click2Gov platform. While the specific number of affected residents wasn't disclosed, the breach duration indicated prolonged exposure for users making payments during the compromised timeframe. The city's reliance on third-party payment processing software represented a recurring vulnerability, as this incident followed a previous Click2Gov breach occurring within the prior year. No details emerged regarding containment procedures, forensic methodologies, or specific attacker behaviors beyond the confirmed access to payment data. The breach notification occurred months after the compromise window closed, with public disclosure emerging in October 2020 through media reports rather than official city channels.