Saint John Common Council didn’t have much to say about a data breach that potentially exposed the personal information of thousands at a meeting, Monday.
Council is being told attacks against municipalities are on the rise and it’s not a case of “if” organizations will be hacked but “when.”
A report presented to council Monday night indicates the city was made aware of the breach on Dec. 21 after a pair of online articles suggested customer payment information may have been compromised through the Click2Gov application which allowed parking tickets to be paid to the city online.
Saint John was one of nearly four dozen North American municipalities identified as being potentially hacked.
Further investigation revealed the so-called at-risk period to be between May 1, 2017, and Dec.r 16, 2018, and to anyone who used a card to pay a parking ticket online, by phone or in person. Ten thousand letters were mailed to people who had paid parking tickets in that timeframe but the report says it was unable to determine exactly who was impacted by the breach.
Saint John Mayor Don Darling seemed none too pleased with CentralSquare Technologies, owners of the Click2Gov application.
“It wouldn’t meet my definition of a partnership,” said Darling. “And the CentralSquare folks, the Click2Gov folks that we were working with… that we had to find that out through an article would be questions that I would have in terms of a go forward. Why weren’t we notified?”
WATCH: Investigation continues into Saint John parking data breach
Outside of Darling and the city’s Stephanie Rackley-Roach, who gave the presentation, no one else around the council tabled offered any comment on the situation.
When asked about the lack of discussion, Darling says he couldn’t speak to why other councillors didn’t comment further.
“It’s a very complex subject,” said Darling. “I think that we have very competent staff. I believe that they did handle this very actively through a difficult time of the year, late in December (and) all through the holidays.”
The city is looking at long-term remedies which include a new online payment system with hopes of launching in the 2nd quarter of this year.
Seven short-term recommendations are being made by city staff. They include additional anti-virus software, updating firewalls, securing cyber insurance and also a new system that would better monitor, detect and then respond to any possible to any future cyberattacks.