Hackers compromised the Payment System of many towns all over the U.S.

As the hackers have compromised the payment system of many towns all over the U.S., so the citizens who use those town websites for making any kind of payment are having tough time. Around 300,000 US citizens' personal information got compromised by the hackers with the help of vulnerability in Click2Gov, the payment software of government.

A report was published on December 18, 2018 (i.e. on Tuesday), by Gemini Advisory, a security research firm, providing new details about how the vulnerabilities in the Click2Gov, widely used payment software type of the government, has affected various towns in US - from California's Oceanside to Sarasota, Florida. The vulnerability in the Click2Gov payment software has allowed the hackers to get into the payment networks. They then steal personal information that includes debit card and credit card data, when the citizens use the town websites for making payment such as fines, taxes, etc.

In the year 2017, the vulnerability reports of Click2Gov first came into light. However, the recent report by Gemini Advisory has provided additional details regarding extent of these hacks, along with what are the cyber crooks doing with that data. As per the firm, the crooks have compromised a minimum of 294,929 payment records in 46 cities of U.S. Besides, the criminals earned $1.7 million by selling these data on dark web.

For all those citizens who carry out their payment process through Click2Gov to honor civic obligations, the breach will most probably not result in financial loss as the banks along with the credit card companies normally foot the bill in case of stolen data. However, these kinds of incidents do mean all the aggravations that come with the identity theft, including immediate need of replacing the cards and possible damage caused to the credit scores.

Stas Alforov, Gemini's Director of Research, said that although many towns of U.S. have already addressed the vulnerabilities of Click2Gov, but a lot many towns are still remaining, which means that the data exfiltration is still going on. As per Alforov, the hackers who are behind these breaches do not seem to be highly sophisticated, but still they have managed to figure out the way of making profits from weak security of the local governments.

The security research firm has been able to recognize the affected municipalities by reviewing the addresses that are related to stolen cards.

» SPAMfighter News - 1/4/2019