Credit Card Information of nearly 6000 people or even more related to Saint John Parking System could have been sold on the dark web in the past 18 months as reports are in that hackers have gained access to the said information by intercepting the parking database at some time 2 year ago.
In December’18 the IT staff of the parking system learned that the database related to the parking ticket fines municipal server was infected with malware which could have spilled critical details such as names, credit card numbers, card verification numbers and expiry dates and addresses of more than 6K people who paid parking penalties online using their credit cards.
On December 19th,2018, IT World, an online news publication reported a breach on Central Square Technologies owned click2gov software which is being used by over 46 other municipalities along with Saint John.
All the payments taking place via the click2gov software were halted by the end of last month. But security experts say that the damage was already done by then as stolen info belonging to cardholders who made payment on Saint John Parking System was being sold on the dark web from the past 15 months.
Don Darling, the Mayor of the Saint John city released a press statement a few hours ago and stated that neither he nor his council members were aware of the incident until an article in IT world was brought to their notice.
They are blaming CentralSquare folks for the activity and said that strict action will be taken against them in the next council meeting. Also, the council members have decided to unanimously purchase a cyber insurance policy covering entire city’s digital assets as a precautionary measure after the incident.
In the meantime, the Canadian Institute of Cyber Security is said to perform a cyber threat assessment on the city’s IT Systems by this month end and will provide further details to the media if necessary.
More details are awaited!