Saint John, a city in Canada, is the latest victim of a data breach. The city notified via a public notice that it has shut down its online system used to pay parking tickets after discovering a data breach that exposed around 6000 users’ personal information, including names, addresses, and credit card information.
According to the official statement, Click2Gov, a third-party software product that allows residents to pay parking tickets through the Saint John website, was breached by unknown intruders who compromised users’ sensitive information. The city administration stated that it has suspended the payment site temporarily and contacted CentralSquare Technologies, the operator of Click2Gov,to investigate the incident.
The security officials at Saint John stated the breach could have affected a number of municipalities across North America. The people of Saint John are advised to check their financial statements to look for any unauthorized activity.
“Obviously the privacy of our citizens and their payment information is non-negotiable, it must be private. I’m disappointed that this has happened, but we certainly live in a complicated world in this day and age in terms of online forces and hackers and folks that are out and after our public information but we’re taking this very seriously and our teams are working on this to figure out the level of impact and we’ll fix it,” said Mayor Don Darling.
“We want to know how this happened, how many people were impacted and the indication that I have is this is going to take up to four or five days to get this completed.”
Darling clarified that CentralSquare Technologies didn’t notify the people of the city about the breach. He stated the information on the breach was disclosed to the city through media reports from other municipalities that use the online parking payment service.
“If CentralSquare was aware of this breach and they didn’t let us know, then I’ll certainly be looking to follow up on that up to and including is that a breach — I would hope that’s a breach — of our agreement with them. It’s a pretty serious and neglectful act, in my view, on their part not to let us know of a breach that happened,” Darling added.