Thursday, August 23, 2018

Vendor Warned City of Click2Gov Problems 2 Months Ago

The City of San Angelo issued a statement on online water payments on August 17, 2018.  A followup press release on 8-20 stated:

Credit card information for water customers who made payments in person and automatically online may have been breached in addition to those who made individual payments online.
Another press release update 8-21 added:
“We know this breach has caused a great deal of inconvenience, and for that we are truly sorry,” Water Utilities Director Allison Strube said. “Since learning of this issue Friday, the City has worked diligently with our vendor to provide an additional layer of protection for our customers. We are continuing the process to learn how many customers might have been impacted and over what timeframe.” The City received a concern Friday that online water bill payments seemed to have led to illicit activity on customers’ credit card accounts.
The company reported security issues in October 2017.  On June 15, 2018 Superion gave an update on problems with its payment software system:

Upon learning of the activity, we proactively notified all Click2Gov customers. Additionally, Superion launched an investigation and engaged a forensic investigator to assess what happened and determine appropriate remediation steps.

Throughout our investigation with the third-party forensic team, we have kept in direct contact with every Click2Gov customer to assist in the resolution of this issue, informing them of our findings via email, phone calls, and one-on-one working sessions. We assisted many customers with analyzing their Click2Gov environment and provided them with best-practice guidance to assist them in securing their servers and networks.
Neighboring city Midland, Texas reported breaches with its payment system on June 27, 2018.

The city of Midland, Texas, on Monday reported a potential security breach of the utility billing online payment platform, administered by Superion. The city reports learning of the possible breach on Friday. Superion’s Click2Gov function is the payment server used to make online payments for utilities. The security breach, according to the city, affected users who made one-time, online payments between December 2017 and June 2018.  
San Angelo City officials are working to find the extent of the breach.   The time frame for the breach will be interesting to learn in light of this timeline.

Update 11-13-19:  The city is concerned it may have another breach of its water bill payment system.  It issued a press release today on the matter.

Update 11-14-19:  The Standard Times reported the city plans to switch water billing vendors.

No comments: