An initial investigation into a data breach that affected a city’s parking system has found that the breach began as far back as May 2017.
The city of Saint John in New Brunswick issued a statement earlier this week explaining that the breach involved “multiple instances when an unknown source gained access to confidential customer information on the city’s server through the Click2Gov payment system.” The city learned of this through a private cyber security analyst that had been hired to conduct forensic analysis of the cyberattack.
“This gives reason to believe that the breach could impact anyone who has paid a city-issued parking ticket over the past two years, from early 2017 to December 16, 2018,” the statement continued.
CBC News reported that the data that was exposed due to the breach may include a person’s first and last name, mailing address, credit card number, expiry date and the card’s security code.
The breach was detected on December 21; upon learning of the attack, the city notified the vendor CentralSquare Technologies. In turn, CentralSquare hired an analyst to figure out when the breach first occurred and the potential impact it had on customer data.
The city was not the only victim of the attack – 45 other system clients were also affected by the breach.
In its statement, Saint John encouraged anyone who has paid a parking ticket within the city – whether online or by phone – to monitor their credit card accounts for suspicious activity.
The city also noted that it has momentarily pulled the plug on its parking payment system until the investigation wraps up and proper security measures have been put in place.
“The city apologizes to customers who have been impacted by the data breach. Cyber attacks can happen at any time and the city makes every effort to protect the confidential information of all customers, citizens and employees,” the statement read.