Ames parking ticket data breach could have compromised 1,500 customers’ payment information

Need+a+place+to+park+but+dont+have+a+permit%3F+Parking+meters+are+located+in+various+lots+around+campus.+These+meters+can+be+used+at+any+time%2C+but+be+sure+to+check+the+signs+as+many+meters+have+time+limits.%C2%A0

Caitlin Yamada/ Iowa State Daily

Need a place to park but don’t have a permit? Parking meters are located in various lots around campus. These meters can be used at any time, but be sure to check the signs as many meters have time limits. 

Jacob Smith
September 25, 2019

Click2Gov experienced a data breach that impacted nearly 1,500 people who paid parking tickets online through the City of Ames website.

From July 30 through Sept. 12, those who used Click2Gov, the third-party vendor used by the City of Ames website to process parking ticket payments online, may have been affected. The “possible data released includes encrypted credit card or debit card numbers, first names, last names, addresses and email addresses,” according to a press release. 

The data was not compromised for other City of Ames payment systems, and the city will be sending mail and email notifications to those potentially affected by the breach.

Once the city was notified of the breach, internal protocol was followed and the city replaced the web server.

This breach is the second one within a year as the city also experienced a breach back in October 2018 when Click2Gov was attacked and 4,600 customers were affected. In this attack, Ames was one of several other customers that faced the compromise due to hacking activity.

The city is additionally “migrating to a web-based system that offers multiple layers of security,” according to the press release.

City of Ames Information Technology Manager Dorrance Smith said that there has not been anything suspicious reported yet.

“No one has reported suspicious activity to us, but we strongly encourage all customers receiving notice to be vigilant about monitoring credit and banking transactions,” Smith said in a press release. “Since we were made aware of the server compromise, we’ve taken steps on our end to make the system less vulnerable to cyber attacks.”

The city said it advises customers to monitor credit card statements and bank information for any signs of unauthorized use.

“We know our customers trust the safety of our payment systems, and we are extremely concerned by this incident,” Smith said in a press release. “We remain vigilant about keeping information shared with the city safe, and we have taken steps to implement the most effective security measures available.”