Parking violation also violated: Click2Gov payment system breached

Finding a parking ticket on your windshield is a surefire way to ruin your day. To make it worse, the city of Ames, Iowa, recently discovered that 4,600 drivers who paid parking fines online between August 10 and November 19, 2018 may have had their PII (personally identifiable information) breached.

It is thought the city’s third-party vendor, Click2Gov, may have been compromised, exposing names, mailing addresses, email addresses, and debit/credit card numbers. Last June, Click2Gov experienced a similar breach with its water bill payment system in Lake Worth and Wellington, Florida.

“We are very sorry this happened to our customers. The city of Ames is extremely concerned by this incident, but we’re confident we’ve addressed the vulnerability and corrected it,” said Duane Pitcher, Ames finance director. “We know cyber attacks can occur any time, and we remain vigilant about keeping information shared with the city safe. We expect the same from vendors linked to our website.”

The city notified customers, informed Click2Gov, and took its online payment system offline. It replaced its web server and sent data to an analyst for investigation.

Safeguard your network with the NIST Cybersecurity Framework (CSF)

The NIST Cybersecurity Framework (CSF) is a voluntary framework primarily intended for critical infrastructure organizations to manage and mitigate cybersecurity risk based on existing standards, guidelines, and practices. However, the CSF has proven to be flexible enough to also be implemented by non-U.S. and non-critical infrastructure organizations.

To learn how to effectively use this framework, consider purchasing IT Governance USA’s NIST Cybersecurity Framework – A Pocket Guide.

This pocket guide will teach you how to:

  • Adapt the CSF to your organization
  • Establish an entirely new cybersecurity program, improve an existing one, or simply review your cybersecurity practices
  • Break down the CSF and understand how other frameworks, such as ISO 27001 and ISO 22301, can integrate into your cybersecurity framework