hacked click2gov st johns cybersecurity data breach

St. John’s Parking Breach Exposed 6,000 Users

A city in Canada, Saint John, endured a data breach within their online system where users pay off parking tickets. 6,000 users’ personal information was exposed.


hacked click2gov st johns cybersecurity data breach

A third-party software product, Click2Gov, allowed residents to pay parking tickets through the Saint John website. It was breached by unknown intruders who compromised users’ sensitive information such as names, addresses, and credit card information. The city administration stated that it has suspended the payment site temporarily and contacted CentralSquare Technologies, the operator of Click2Gov, to investigate the incident.

The security officials at Saint John stated the breach could have affected a number of municipalities across North America. The people of Saint John are advised to check their financial statements to look for any unauthorized activity.

Investigations Continue

“Obviously the privacy of our citizens and their payment information is non-negotiable, it must be private. I’m disappointed that this has happened, but we certainly live in a complicated world in this day and age in terms of online forces and hackers and folks that are out and after our public information but we’re taking this very seriously and our teams are working on this to figure out the level of impact and we’ll fix it,” said Mayor Don Darling.

hacked click2gov st johns cybersecurity data breach

Darling clarified that CentralSquare Technologies didn’t notify the people of the city about the breach. He stated the information on the breach was disclosed to the city through media reports from other municipalities that use the online parking payment service.

“If CentralSquare was aware of this breach and they didn’t let us know, then I’ll certainly be looking to follow up on that up to and including is that a breach — I would hope that’s a breach — of our agreement with them. It’s a pretty serious and neglectful act, in my view, on their part not to let us know of a breach that happened,” Darling added.

Source: CISO