Another city has reported a breach involving Click2Gov software by CentralSquare Technologies. WTVY reports Dothan, Alabama has joined more than four dozen other cities using Click2Gov that have experienced breaches involving payment card data of residents using online payment portals:
“It has come to the City of Dothan’s attention that CentralSquare, the third-party processor of online utility payments, via their Click2Gov application, has been compromised via a recent cyber attack,” the city said in a statement.
Read more on WTVY. As with other some other cities we learned about this year, the attack seems to have occurred between August 26 and October 14 of this year. It’s not clear when Dothan discovered the attack and if they discovered it or whether CentralSquare Technologies alerted them to investigate.
The Dothan Eagle has a bit more detail on the attack itself, reporting that CentralSquare Technologies say that the attacker
used a “screen scraper” process to steal online customers’ private information. That means Dothan Utilities customers who used stored credit card and address information to pay their bills in that timeframe were not likely subject to the data breach.
Customers who typed their information in the system, like those who may have used the one-time payment system or new customers, may still be at risk, Mason said.
The firm’s CEO never answered this site’s recent inquiry as to whether this was a second vulnerability affecting cities after August or a previously known issue.