Midwest City

The City of Midwest City operates as a municipal government responsible for delivering local public services to residents within its jurisdiction. These services include maintaining public safety through police and fire departments, managing infrastructure such as roads and water systems, and administering community programs that support education, recreation, and social welfare. To handle financial transactions with citizens, the city utilizes the Click2Gov platform, a specialized software solution designed for processing government payments like utility bills, permit fees, and other municipal charges. Click2Gov integrates with the city’s existing administrative systems to streamline revenue collection and improve service efficiency. The platform is used by numerous municipalities across the country, placing Midwest City within a broader network of governments that rely on the same vendor for payment processing. This shared reliance means that the city’s payment operations are closely linked to the performance and security of the Click2Gov service. As a government entity, the city is subject to state and local regulations that govern financial handling, data protection, and public accountability. Its role as a service provider requires it to maintain trust with residents by ensuring the confidentiality and integrity of personal information submitted during transactions. The city’s operational model emphasizes the coordination of internal departments with external technology partners to fulfill its municipal mandate.

The 2018 cybersecurity incident involving Midwest City revealed a notable characteristic of its technology environment: an indirect vulnerability stemming from a third‑party component essential to its payment processing workflow. Attackers did not compromise Click2Gov directly; instead, they exploited a known flaw in Oracle’s WebLogic application server, which is required software for running the Click2Gov platform. This exploit allowed unauthorized access to data affecting approximately 2,300 customers and facilitated the deployment of cryptocurrency mining malware on municipal systems. The breach illustrated that the city’s cybersecurity risk extends beyond its own internal networks to include the software and hardware vendors upon which its critical services depend. Superion Software, the developer of Click2Gov, confirmed the intrusion vector after conducting investigations into similar breaches affecting other municipalities using the same platform. Consequently, the incident highlighted the importance of rigorous vendor risk management, continuous monitoring of third‑party components, and timely patching of underlying software dependencies. The city’s experience serves as a case study for how supply chain weaknesses can translate into tangible impacts on government operations and resident data security.