The City of Waco has warned residents that their online payments for water services may have been intercepted by hackers who stole credit card details.

The heart of the problem lies in the third-party online payment software that Waco and several other cities and municipalities use to let residents pay their bills, pay parking fines, as well as make other financial transactions.

According to a spokesman for the City of Waco, the Click2Gov portal for water bill payments was breached by malicious hackers who were able to plant malicious code that siphoned off sensitive data between August 30th and October 14th.

“Unfortunately, this is something that happens in the credit card world,” said Larry Holze.

Well, it certainly does happen in the case of Click2Gov if recent history is any judge.

Security researchers have been tracking attacks against Click2Gov’s payment portals for a couple of years, with multiple reports of breaches involving cities stretching across the United States and Canada, resulting in tens of thousands of payment card details being traded on the dark web.

As an example, just last month the city of College Station said its Click2Gov online utility payment system had been compromised between July 31 and November 15, 2019.

And in September 2019, eight cities said their Click2Gov payment portals had suffered significant data breaches which saw details of more than 20,000 payment cards stolen.

Security researcher Stas Alforov at Gemini believes that the crime wave demonstrates attackers are returning to the same victims over and over again:

“It demonstrates cybercriminals’ willingness to repeatedly target the same victims and underscores that while responsible security habits are constructive, there is no perfectly secure system. It is thus incumbent upon organizations to regularly monitor their systems for breaches in addition to keeping up to date on patches. (Read more...)