Connect with us


A popular web payment portal for local U.S. governments has now been breached

Another day, another breach.

Credit card being swiped at a point of sale
Image: Unsplash

Security firm FireEye has announced that a popular web payment portal for local U.S. governments has been targeted by hackers. The vulnerability on Click2Gov servers was caused by malware that was uploaded through credit card data, according to TechCrunch.

According to FireEye’s incident response arm, Mandiant, the hacker used server vulnerability to upload a so-called FIREALARM tool to sift through server log data for credit card data. At the same time, another piece of malware called SPOTLIGHT was used to intercept credit card data from unencrypted network traffic. Once collected, the data was encoded and taken by the hacker.

Credit card data was the target

Nick Richard, a principal threat intelligence analyst at FireEye, told TechCrunch the hacker took “weeks to numerous months” to accomplish this feat. They were able to pull credit card numbers, expiration dates, and verification numbers, along with names and addresses. To date, it’s not known how many victims there are.

Richard explains:

Any web server running an unpatched version of Oracle WebLogic would be vulnerable to exploitation, thus allowing an attacker to access the web server to manipulate Click2Gov configuration settings and upload malware.

Superion, which owns the web payment portal Click2Gov, told TechCrunch it has “diligently kept our customers informed while working with them to update available patches for the third-party software that contributed to the issue.”

Unfortunately, these sort of data breaches are becoming a common practice for hackers

If it seems like hacks have become commonplace at businesses and organizations, you’re right. This isn’t the first data breach affecting companies in recent months. Among those have been British Airways, Under Armor, P.F. Chang’s, GrayShift, and many more.

If you use Click2Gov and worry that your personal or business information has been stolen, your best bet is to discuss this with a supervisor. Hopefully, they are already on top of these and have resolved the issue on your end.

Has your personal information ever been hacked? What did you do about it? Let us know below. 

Editors’ Recommendations

Follow us on Flipboard, Google News, or Apple News

Bryan considers himself a well-rounded techie, having written articles for MakeUseOf, KnowTechie, AppAdvice, iDownload Blog. When he's not writing, he's being a single dad and rooting for his alma mater, Penn State, or cheering on the Patriots.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Deals of the Day

  1. Paramount+: Live Sports Starting at $2.50/mo. for 12 Mos. Sports - Try It Free w/ code: SPORTS
  2. Save $20 on a Microsoft365 subscription at Best Buy with a Best Buy Membership!
  3. Try Apple TV+ for FREE and watch all the Apple Originals
  4. Save $300 on a Segway at Best Buy, now $699

More in Security