
Update: Forensic Analysis Underway For Data Breach That Compromised Parking Ticket Payment System

31-Dec-2018

On Friday, December 21, the City of Saint John notified the public of a data breach that could affect thousands of customers who paid City-issued parking tickets through its online payment system (Click2Gov). The City first learned of the breach early Friday morning and immediately took down the payment system on saintjohn.ca and notified the vendor, CentralSquare Technologies, of the issue. Upon notification, CentralSquare Technologies engaged a private cyber security analyst to begin a forensic analysis to determine the scope and potential impacts of the breach.

Click2Gov is a third-party system owned by software company CentralSquare Technologies and used by municipalities across North America to process online payments for municipal bills and services. The City of Saint John uses the system to process payments for parking tickets and is one of 46 CentralSquare Technologies customers impacted by the breach.

WHAT WE KNOW:

Preliminary findings from the forensic analysis indicate that the breach involved multiple instances when an unknown source gained access to confidential customer information on the City’s server through the Click2Gov payment system.

While the exact dates of the attacks are unknown, the first instance of malicious activity has been traced to May 2017. This gives reason to believe that the breach could impact anyone who has paid a City-issued parking ticket over the past two years, from early 2017 to December 16, 2018.

The breach affects only customers who made parking ticket payments online or by phone, as staff process payments using the online Click2Gov application.

Confidential information exposed through the breach includes: first name, last name, mailing address, credit card number, expiry date and CVV.

CUSTOMER PROTECTION:

The City strongly urges anyone who has paid a City of Saint John parking ticket, whether online or by phone, to take precautions by monitoring their credit card accounts for unauthorized activity, and contacting their financial institution.

In the interest of protecting the personal information of customers, the online parking payment system will remain down until the investigation is complete, and all required security measures are in place.

Parking ticket payment methods are listed on all parking tickets, and include in-person, phone and direct mail options. Additional information is available here.

The City apologizes to customers who have been impacted by the data breach. Cyber attacks can happen at any time and the City makes every effort to protect the confidential information of all customers, citizens and employees.

At the December 17, 2018 meeting of Common Council, Council approved an agreement with the Canadian Institute of Cybersecurity as part of a commitment to a larger, more comprehensive municipal cyber security strategy. The Canadian Institute of Cybersecurity will begin working with the City on January 7 to conduct a threat assessment on all City systems, including online payment applications.

Further updates about the breach and any additional security measures will be provided by the City and available through www.saintjohn.ca.

Media Inquiries


Corporate Communications
City of Saint John
11th floor, City Hall
(506) 649-6008
saintjohn.ca