Hanover County was recently made aware of possible fraudulent charges on credit cards that users may have used to pay utility bills online.
The County takes seriously its responsibility to safeguard the private data of its clients.
In order to determine what data had been compromised and whether the County's system was still vulnerable, the County quickly verified the claim and shut down the Click2Gov system.
Names of the customers, credit card numbers and expiration dates are among the compromised data.
Only payments made online through the Click2Gov interface were vulnerable; automatic withdrawals and phone payments were unaffected.
TPRM report: https://scoringcyber.rankiteo.com/company/hanover-county
"id": "han02116223",
"linkid": "hanover-county",
"type": "Data Leak",
"date": "01/2019",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Public Sector',
'location': 'Hanover County',
'name': 'Hanover County',
'type': 'Government'}],
'attack_vector': 'Compromised Payment System',
'data_breach': {'personally_identifiable_information': ['Customer names'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Customer names',
'Credit card numbers',
'Expiration dates']},
'description': 'Hanover County experienced fraudulent charges on credit cards '
"used to pay utility bills online. The County's Click2Gov "
'system was compromised, leading to the exposure of customer '
'names, credit card numbers, and expiration dates.',
'impact': {'data_compromised': ['Customer names',
'Credit card numbers',
'Expiration dates'],
'payment_information_risk': ['Customer names',
'Credit card numbers',
'Expiration dates'],
'systems_affected': ['Click2Gov System']},
'motivation': 'Financial Gain',
'response': {'containment_measures': ['Shut down the Click2Gov system']},
'title': 'Hanover County Credit Card Fraud Incident',
'type': 'Data Breach, Fraud',
'vulnerability_exploited': 'Click2Gov System'}