Breach cyber

Cucamonga Valley Water District

Aug 26, 2019 2 min read
Cucamonga Valley Water District

On December 4, 2019, the Cucamonga Valley Water District (CVWD) experienced a data breach in its online payment system, managed by the third-party vendor Click2Gov. The incident was caused by an unauthorized malicious script injected into the web portal’s code, which remained undetected between August 26, 2019, and October 14, 2019. The breach exposed personal and financial information of customers, including names, billing addresses, and credit card details. The compromised data belonged to individuals who used CVWD’s online payment service during the specified period. While the exact number of affected customers was not disclosed, the exposure of payment card information posed a significant risk of fraudulent transactions and identity theft. The breach was identified during a routine security review, prompting CVWD to disable the compromised payment portal and notify affected customers. The incident highlighted vulnerabilities in third-party payment processors and the potential consequences of supply-chain attacks targeting public utility services. Although no immediate evidence suggested large-scale fraud, the exposure of sensitive financial data raised concerns over customer trust and operational security, necessitating remediation efforts, including enhanced monitoring, forensic investigations, and customer notifications to mitigate further risks.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-184838

TPRM report: https://www.rankiteo.com/company/cucamonga-valley-water-district

"id": "cuc027091825",
"linkid": "cucamonga-valley-water-district",
"type": "Breach",
"date": "8/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Water Supply and Utilities',
                        'location': 'California, USA',
                        'name': 'Cucamonga Valley Water District (CVWD)',
                        'type': 'Government / Utility'},
                       {'industry': 'Payment Processing / Software',
                        'name': 'Click2Gov',
                        'type': 'Service Provider'}],
 'attack_vector': 'Unauthorized script injection in web portal code',
 'data_breach': {'data_exfiltration': 'Potential (unauthorized script likely '
                                      'exfiltrated data)',
                 'personally_identifiable_information': ['names',
                                                         'billing addresses'],
                 'sensitivity_of_data': 'High (PII and payment details)',
                 'type_of_data_compromised': ['personal information',
                                              'payment information']},
 'date_detected': '2019-12-04',
 'date_publicly_disclosed': '2019-12-04',
 'description': 'On December 4, 2019, the California Office of the Attorney '
                'General reported a data breach involving Cucamonga Valley '
                'Water District (CVWD) related to its online payment system '
                'managed by Click2Gov. The breach occurred when an '
                'unauthorized script was identified in the code of the web '
                'portal, potentially exposing personal information, including '
                'names, billing addresses, and credit card details, of '
                'customers who used the service between August 26, 2019, and '
                'October 14, 2019.',
 'impact': {'data_compromised': ['names',
                                 'billing addresses',
                                 'credit card details'],
            'identity_theft_risk': 'Potential (due to exposed PII)',
            'payment_information_risk': 'High (credit card details exposed)',
            'systems_affected': ['Click2Gov online payment portal']},
 'initial_access_broker': {'entry_point': 'Web portal (Click2Gov online '
                                          'payment system)',
                           'high_value_targets': ['customer payment data']},
 'post_incident_analysis': {'root_causes': ['Unauthorized script injection in '
                                            'third-party payment system '
                                            '(Click2Gov)']},
 'references': [{'date_accessed': '2019-12-04',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulations_violated': ['Potential violation of '
                                                    'California data breach '
                                                    'notification laws (e.g., '
                                                    'CCPA)'],
                           'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'response': {'communication_strategy': 'Public disclosure via California '
                                        'Office of the Attorney General'},
 'title': 'Cucamonga Valley Water District (CVWD) Data Breach via Click2Gov '
          'Online Payment System',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Web application vulnerability (Click2Gov online '
                            'payment system)'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.