Saint John parking payment system breached 'multiple' times since May 2017

A preliminary investigation into the data breach that forced the City of Saint John to shut down its online parking payment system has traced the first instance of malicious activity to May 2017. 

A forensic analysis by a private cyber security analyst indicated the breach involved "multiple instances when an unknown source gained access to confidential customer information on the City's server through the Click2Gov payment system," said a release from the city issued Monday.

"This gives reason to believe that the breach could impact anyone who has paid a City-issued parking ticket over the past two years, from early 2017 to December 16, 2018."

Confidential information that was exposed through the breach includes a person's first and last name, mailing address, credit card number, expiry date and CVV, the card's security code.

CBC

The city discovered the breach on Dec. 21 and notified the vendor, CentralSquare Technologies, who in turn hired the analyst to determine when the breach began and what potential impact it had on customers.

Saint John was one of 46 customers affected by the breach. System users were also notified.

Take precautions

In the release, the city is urging anyone who paid a City of Saint John parking ticket, whether online or by phone, to take precautions by monitoring their credit card accounts for unauthorized activity and contacting their financial institution.

"In the interest of protecting the personal information of customers, the online parking payment system will remain down until the investigation is complete, and all required security measures are in place." 

Those wanting to pay a parking ticket can find the information on the ticket. It can be paid in person, by phone or mail. More information can be found on the city's website.

"The City apologizes to customers who have been impacted by the data breach. Cyber attacks can happen at any time and the City makes every effort to protect the confidential information of all customers, citizens and employees."