The city of Bakersfield’s online payment system has been hit by hackers once again, exposing the personal information of those who used it, according to the security firm Gemini Advisory.
In a blog post published late last week, Gemini said Bakersfield was one of eight cities across the country that hackers had targeted beginning in August 2019. The firm claimed to identify over 20,000 records from the breaches available for sale on the dark web.
The city has acknowledged the breach and says it is investigating.
The hackers targeted the online payment system, Click2Gov, used by the city to process online payments for building permits, utility bills and business license renewals.
Several cities in Florida, along with Pocatello, Idaho; Broken Arrow, Oklahoma; and Ames, Iowa were also struck by the hackers, according to Gemini Advisory.
Last November, the city announced its Click2Gov system had been hacked, potentially affecting 2,400 user accounts. Local media from other cities also claimed Click2Gov hacks at around the same time period.
At the time, the city said it had implemented additional security measures to ensure that the breach did not occur again. However, Gemini Advisory noted that cybercriminals often hit the same target twice.
“Given the success of the first campaign, which generated over $1.9 million in illicit revenue, the threat actors would likely have both the motive and the budget to conduct a second Click2Gov campaign,” Gemini wrote in its blog post.
After the latest round of attacks, the city said it would end its use of Click2Gov and implement a new payment platform that provides more security to the public within 30 days.
“Safeguarding financial information is the City’s highest priority,” Bakersfield Spokesperson Joe Conroy said in a statement. “The city takes cyber-security very seriously and works daily to ensure all online systems are secured to the highest extent possible.”
Click2Gov is a third party platform that operates off city-owned servers, according to Conroy’s statement.
The city is working with third-party experts as well as CentralSquare, the company behind the software, to investigate the breach to determine its scale.
Once complete, the city will notify all potentially impacted parties as required by law.
This is no fun. I was hacked and over 25 years of records were held and are still being held for ransom that I wont pay.
