Click2Gov Breach Payment Cards Sold on Dark Web

In August 2017, Click2Gov software, a payment technology widely used by local governments to process utility payments, was the victim of a breach in which Oceanside, California, was the first in a long line of compromised municipalities. Many of the payment cards stolen from the compromised records are now likely being sold in underground marketplaces, according to Gemini Advisory. During its routine monitoring of dark web marketplaces that sell compromised payment card data, Gemini Advisory noted “an out-of-pattern concentration of victims located in small-to-medium US cities. Further analysis of the card data linked to these locations and collaboration with partner banks have determined that records [have] likely been stolen from local municipal services that license Click2Gov software.”