Magecart attacks Plague the Already Troubled Payment Platform Click2Gov

September 30, 2022


A new wave of data breaches in eight U.S. city governments is the work of online scammers using malicious code against the troubled online payments platform Click2Gov, according to research published Friday by the cybersecurity firm TrendMicro. The attacks involved Magecart-style attacks, in which lines of JavaScript code are injected into e-commerce platforms to rip off financial and personally identifiable information, like credit card numbers, names, addresses and other credentials. Click2Gov has for several years posed data-security problems for as many as 6,000 local governments across the United States who use Click2Gov. But according to TrendMicro, there’s no evidence directly linking the recent Magecart-style attacks to incidents in 2018 and 2019. Still, five of the eight cities analyzed had been victims of previous Click2Gov breaches.

Magecart attacks have plagued corporate websites, including big-name targets like British Airways, Ticketmaster and more than 2 million other websites, according to research published last October.

Incident Date

April 10, 2020

Estimated Cost

No cost values disclosed.


Type of Malware

No Malware identified

Threat Source

No threat source identified