Click2Gov
| Primary URL | Location | Industry |
|---|---|---|
| click2gov[.]com | Country: United States of America | Financial Services |
Profile
Click2Gov is a software provider that develops and maintains online payment portals specifically designed for municipal governments in the United States. Its core product enables cities, towns, and counties to accept electronic payments for a variety of citizen services such as utility bills, fines, taxes, and permit fees through a web‑based interface. The platform is marketed to local government agencies seeking to streamline revenue collection and improve the convenience of transactions for residents. By focusing on the public sector payment niche, Click2Gov positions itself as a specialized solution that integrates with existing municipal back‑office systems while offering a user‑friendly front end for end‑users.
The reach of Click2Gov’s solution became evident through the series of security incidents disclosed in late 2018, which affected 46 separate U.S. municipalities and compromised nearly 300,000 payment records. These breaches resulted in the theft of payment card data that was subsequently sold on the dark web, generating approximately $1.7 million in illicit profits for the attackers. The scale of the impact highlights the software’s widespread adoption across diverse local jurisdictions, from smaller towns to larger city administrations, and underscores the potential consequences when vulnerabilities in a widely deployed government payment platform are exploited. Although the company issued patches after initial reports, follow‑up investigations revealed additional affected entities, indicating that the initial remediation did not fully address all exposure points.
Click2Gov’s distinguishing attributes lie in its concentration on government‑specific payment processing and the technical environment in which its software operates, notably a Java‑based application server that was identified as a vector for attackers to install web shells and enable debug logging. The incidents revealed that the attackers exploited weak security measures rather than relying on highly sophisticated techniques, pointing to a need for stronger baseline protections in the deployments of this software. While the provider’s role as a vendor of municipal payment solutions is clear, the source material does not disclose explicit details about its ownership structure, parent company, or subsidiary relationships, so no structural notes can be included beyond what is stated.
