INCIDENT: Magecart attacks Plague the Already Troubled Payment Platform Click2Gov

A new wave of data breaches in eight U.S. city governments is the work of online scammers using malicious code against the troubled online payments platform Click2Gov, according to research published Friday by the cybersecurity firm TrendMicro. The attacks involved Magecart-style attacks, in which lines of JavaScript code are injected into e-commerce platforms to rip off financial and personally identifiable information, like credit card numbers, names, addresses and other credentials. Click2Gov has for several years posed data-security problems for as many as 6,000 local governments across the United States who use Click2Gov. But according to TrendMicro, there’s no evidence directly linking the recent Magecart-style attacks to incidents in 2018 and 2019. Still, five of the eight cities analyzed had been victims of previous Click2Gov breaches.

Magecart attacks have plagued corporate websites, including big-name targets like British Airways, Ticketmaster and more than 2 million other websites, according to research published last October.

Incident Date

April 10, 2020

Location

United States

Estimated Cost

No cost values disclosed.

Victims

Type of Malware:

No Malware identified

Threat Source:

No threat source identified

References:

  • Click2Gov breaches in eight cities attributed to Magecart hackers

Industries:

Impacts

IT Privacy

Pin It on Pinterest

Scroll to Top
Scroll to Top