The hackers of the city parking fine system in Saint John, Canada have been selling sensitive data on the dark web for over a year.
The security breach in the system was not spotted for 15 months after the initial attack, which ultimately allowed the hackers to gain personal information and credit card numbers of 6,000 Canadian residents.
The illegal trade of delicate information happened on dark web markets, where the stolen data was sold to strangers.
The City Was Not Alerted on Time
Online news outlet IT World initially reported the hack of the software click2gov in Dec. 19, 2018.
Even though other 46 North America municipalities were affected as well, the publication specifically cited the City of Saint John in the article, which was covering a report from research firm Gemini Advisory that identified the click2gov data breach.
However, the security personnel of the city did not learn about the data breach until Dec. 21, 2018.
At the time, the city staff still had not been contacted by CentralSquare Technologies, manufacturer of the click2gov bill-pay management system, about the hack because the information was not brought to their attention.
The Mayor of Saint John, Don Darling, also, spoke to the public and had many unanswered questions about the situation as the residents of the city.
He was very disappointed that the authorities and the people had to find out about the invasion of their personal privacy and information in an article published by IT World.
When the technology organization learned more about the hack, they were stunned to find out the system had been infected for 18 months.
The malware outbreak used to disrupt the municipal server allowed the hackers to acquire sensitive information of 6,000 people who have paid their parking fines using their phone, credit card or in person.
The hackers had gained access to card numbers, names of the cardholders, card verification numbers, addresses as well as card expiration dates.
As soon as the city's IT department found out about the hacking, the system immediately was shut down to prevent any further damage.
However, data belonging to many card users were sold on the dark web for 15 months, disabling the authorities to remedy the situation.
The stolen credit cards, according to IT World reports, were sold for approximately $10 each.
The reasons and the people behind the attack are still unknown. The city currently works on providing the citizens with a substitute for the service, and the initial parking fine system remains offline to this day.
The City's Security Measures
Since it is very hard to tell the exact volume of stolen information, the citizens fear the numbers are far higher than what was originally said.
Security measures are necessary for the people of Saint John to feel protected from similar incidents.
As a result, threat assessment on the IT systems of the city will be performed, said Stephanie Rackley-Roach, the director of corporate performance.
The Canadian Institute of Cyber Security will complete the evaluation.
Following the appraisal, the security measures mention installing a strong firewall and improving the antivirus software.
As a prudent measure for better security, the city is also going to buy cyber insurance.
Subsequently to the hack of the city's parking fine system, Saint John police received a total of 18 complaints from residents.
The police's public notice was issued on Dec. 21, 2018 and that is the same day the law enforcement started collecting the statements.