On June 7, 2018, the village of Wellington, Florida alerted residents to a potential data breach of its online water billing payment system, Click2Gov, after its creator, Superion, a government contractor, notified the village of vulnerabilities in its software.
Investigation of the breach
Residents were informed that utility bills paid by credit card between July 2017 and February 2018 could be at risk, with customer names, credit card numbers, and expiration dates potentially exposed.
The breach forced Wellington to shut down its payment portal and launch an investigation. Alternative payment methods were implemented. The village is now upgrading its software and building a new server.
Additional data breaches
On June 15, the affected dates were revised to include payments made between November 28, 2017 and June 4, 2018. Lake Worth, Florida and two California communities also reported data breaches of Click2Gov.
Are you a federal contractor?
The Defense Federal Acquisition Regulation Supplement (DFARS) mandates that all DoD contractors implement the security controls in NIST SP 800-171. However, the government plans to roll out the initiative, which would require contractors and subcontractors working with any federal agency to comply with NIST SP 800-171. A contact at NIST mentioned that by the end of 2018, the National Archives and Records Administration will make all non-federal organizations working with the federal government comply with NIST SP 800-171.
Learn more about NIST
The NIST Cybersecurity Framework is a voluntary framework based on existing standards, guidelines, and practices, for organizations to manage and reduce cybersecurity risk. ISO 27001 sets out the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS), outlining the requirements against which an organization’s ISMS can be audited and certified.
To learn more about how to manage and reduce your cyber risk, download IT Governance USA’s free green paper: NIST Cybersecurity Framework & ISO 27001.