Hackers have over the years made multiple attempts to access the utility information of payers’ information in the US with a few of them proving fertile. In a recent report, an effort to hire a private contractor to handle utility bill payments whiles keeping payers’ information safe did not go as expected. The report reveals that some unknown hackers broke into their system and accessed thousands of credit card information of customers in the City of Bend.
The vendor handling utility payments, the CentralSquare, has been accused of failing to secure its system to protect customers’ information considering the fact that its Click2gov platform has been breached since 2017.
Image Source: themoscowtimes.com
The City of Bend has been reported to have rejected every report linking the incident to vulnerabilities in its system, security or infrastructures. The CentralSquare platform that manages payments for various governments and healthcare is said to have had its online portal compromised as hackers may have inserted malicious code to illegally access the credit card details of customers.
According to the source, the CentralSquare refused to disclose the number of affected Cities and the customers involved as well as their plan to secure the system to avoid future occurrence. They simply stated that they cannot disclose any information about their customers, security, and environment for security and confidential reasons.
Though a lot of customers are suspected to have been affected, a release has alerted customers who used the online portal to pay utility bills between 30 August 2019 and 14 October 2019 to check their financial statements and monitor their bank accounts to report any suspicious or fraudulent activity.
The possible customers’ information accessed is billing address, cardholder name, card number, type, expiration date, and security code. This information can be sold on the dark web putting customers at risk of identity theft.
According to the City of Bend Chief Innovation Officer Stephanie Betteridge, they cannot say anything specific since this is an open and ongoing investigation. However, she admitted that the CentralSquare has collaborated with the FBI, Bend police and forensic analysts to investigate the incident.
She also stated that she cannot state emphatically when the City of Bend realized that the customer’s information had been a breach. However, she knows the information came from the CentralSquare. Water customers have also been warned concerning a similar data breach in about a month ago.
Betteridge also claimed to have no knowledge of any affected customer due to possible disclosure of their credit card information as claimed by the report. In addition, the perpetrators behind the attack are not yet known, and the same as the scope of the breach until the investigation is concluded. They have decided to contact the affected customers by email, and have also set up a call center to forward all concerns.
Image Source: www.instart.com
At the moment, the City’s portal has been secured as claimed by Betteridge, and they are ready to switch to a different payment platform. All affected customers will be given a one year credit and identity monitoring service on the authority of the report. Also, the City of Bend has insurance for cyberattacks. The City of Bend revealed that only credit card information was accessed as other forms of identification remain safe.
Many awareness programs and reports have been launched to notify platforms especially the ones that deal with customers’ credit card details to invest in cybersecurity as they are always targeted by threat actors. A number of cybersecurity experts believe that platforms have the sole responsibility to keep customer data safe, and must claim responsibility for any breach.
The Click2Gov platform was compromised in 2019 aside from the 2017 breach, causing hackers to access about 20,000 payment cards across eight cities in five states. Researchers discovered that these sensitive data had been offered for sale on the dark web. Following the previous breach on the CentralSquare platform, researchers stated that the organization must make efforts to monitor its system for potential breaches and keep up to date on patches.
The researchers stated that the multiple breaches of the platforms despite the patched system are indication that threat actors repeatedly target the same victim. They reported that security habit is very important. However, there is nothing like a secured system.
The data breach has been a global problem as hackers know no boundary, and are willing to launch an attack on anyone and anywhere provided the target has what they are looking for. Though 2019 was a year full of data breach incidents, 2020 is expected to be more as a number of cybersecurity experts have predicted a year full of cyberattacks just like the previous year.
Disclaimer: Darkweblink.com does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither Darkweblink.com nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation to the reliance on or usage of any content, goods or services mentioned in this article.