The Canadian Press
Published Saturday, December 22, 2018 EST EST 12:05
Updated on Saturday, December 22, 2018 EST EST 3:16
SAINT JOHN, N.B. – As many as 6,000 people in Saint John, NB, could have revealed their personal information, an analyst group told the city to announce it was one of dozens of boroughs affected by data crash to its system pay online parking tickets.
The city said that he had learned about the breach of the Click2Gov third-party software product, managed by CentralSquare Technologies. The product gives customers the option to pay parking tickets through the city's website.
The city said that he had contacted CentralSquare Technologies to investigate the cut.
In the meantime, the city payment site has closed and Sant John's staff advise anyone who believes they could be affected to monitor their financial accounts in detail and link to & # 39; u bank if they see any unauthorized activity.
"St John's City protects our data systems very seriously and apologizes for the inconvenience that this event can cause," said a news release on the city's website.
The Saint John or CentralSquare Technologies city could not be reached immediately for comments on Saturday.
The break in Saint John is part of a much larger issue, says Cybersearcher researcher, Stas Alforov.
A recent report by Alforov, director of R & D for Gemini Advisory, reported that the company had found that almost 300,000 payment records had been compromised by 46 North American cities – including around 6,000 Saint John – since 2017.
Saint John is the only Canadian-related Canadian city, with the rest coming from the U.S.
"Our analysis shows that all cuts are part of the larger hacking operation carried out by the same hacking group, and they are not random in nature," said the report.
Gemini Advisory, which collects information from criminal markets and supplies to financial institutions, is beginning to excavate the cases of suspicion when they are aware of an unusual pattern of credit card; can be posted online to sell.
Alforov said he noticed that credit card information that was allegedly sold online was from less dispersed communities across North America, rather than in the more typical urban centers.
Excavating further, Gemini Advisory linked these cases with other alleged breaches of Click2Gov.
After announcing its findings on the Gemini Advisory website, Alforov said he had received a call from the St. John's city.
"They said," We were not really aware of this, and I said, "That is understandable, but it seems you've broken & # 39 ; The men back in 2017 in September, "he said.
"I've been seeing new uploaded cards, about 1,000 cards every couple of months, from 2017 to the beginning of November 2018."
He said that all card holders did not come from Saint John: if someone came from outside the town and had a ticket in Saint John, their knowledge might have been compromised too. The same thing would go for all the other cities associated with the cut.
Alforov said he gave the names to those affected by the city, and has given the names of dozens of boroughs about law enforcement and Click2Gov.
He noted that CentralSquare Technologies were not always aware of the cuts. He added that the company had told them that all the systems that were all affected were carried out locally, and their cloud-based software was not affected.
The company also used a package for the system, said Alforov, but the vulnerability continued.
Alforov said it was important for municipalities to be aware of the software they use and how to keep up-to-date while it is on the provider software to notify the final user about their product.
"We can not point our fingers just on Click2Gov, or just the borough; there's a kind of problem jointly, in sense," he said.