Protecting our customers and their clients’ data is of the utmost importance to Superion. Last year we reported that a limited number of on-premise clients had identified suspicious activity on their servers that are used to host Superion’s Clock2Gov product. Upon learning of the activity, we proactively notified all Click2Gov customers. Additionally, Superion launched an investigation and engaged a forensic investigator to assess what happened and determine appropriate remediation steps.
Throughout our investigation with the third-party forensic team, we have kept in direct contact with every Click2Gov customer to assist in the resolution of this issue, informing them of our findings via email, phone calls, and one-on-one working sessions. We assisted many customers with analyzing their Click2Gov environment and provided them with best-practice guidance to assist them in securing their servers and networks.
To date, Superion has deployed the necessary patch to our software and a related third-party component, and over 99% of these customers have applied these patches. At this time, we have no evidence showing that it is unsafe to make payments utilizing Click2Gov on hosted or secure on-premise networks with recommended patches and configurations. Superion does not control our customers’ networks, so we recommend citizens contact their municipality or county if they have any questions related to security.
Meanwhile, we continue to work closely with our customers to swiftly resolve and remediate this matter.