Click2Gov from Superion, causing cyber breaches nationwide

Several local government breaches have been traced back to use of the online utility bill payment system, Click2Gov, a product of Superion.

The most recent, reported by Government Technology, took place in Midland, Texas and affected users who made one-time online payments for utilities.

The most recent breaches began on May 25, 2018, when the City of Oxnard, CA was notified by a bank that their online utility bill payment service appeared to have been breached, leading to a number of fraudulent transactions. The compromised payment system was identified as Oxnard’s Click2Gov installation.

On June 7, 2018, the Village of Wellington, FL was notified by Superion that certain vulnerabilities in Click2Gov might have led to a possible breach of their online utility payment installation. The Village stated that cards used for payments between July 2017 and February 2018 were considered to be ‘at risk’.

Further back, the City of Ormond Beach, FL experienced a similar incident with their Click2Gov system in October 2017. There have also been breaches at the City of Goodyear, AZ (May 2018); City of Fond du Lac, WI (December 2017); and the City of Ardmore, OK (June 2017) that fit the profile of a Click2Gov issue but have not been definitively linked to the application.

If you are using the Click2Gov system, be on alert for suspicious activity. Consider reaching out to Superion for more information on the certain vulnerabilities Superion has identified in Click2Gov, so that an investigation can be conducted as to whether your entity may be exposed to the issue.

For more resources to address cyber security issues, visit the VMLIP website here.