Protecting our customers and their clients’ data is of the utmost importance to Superion. Last year we reported that a limited number of on-premise clients had identified suspicious activity on their servers that are used to host Superion’s Click2Gov product. Upon learning of the activity, we took proactive steps to quickly notify all Click2Gov customers as early as September 2017. Additionally, Superion launched an investigation and engaged a forensic investigator to assess what happened and determine appropriate remediation steps.
We have assisted many customers, who would allow us, by providing best-practices advice and helping them with the application of patches in order to update and better secure their networks. To date, Superion has deployed the necessary patch to our software and assisted customers in the application of patches related to a third-party component. At this time, we have no evidence showing that it is unsafe to make payments utilizing Click2Gov on hosted or secure on-premise networks with recommended patches and configurations. Superion does not control our customers’ networks, so we recommend citizens contact their municipality or county if they have any questions related to security.
It is important to note that these security issues have taken place only in locally hosted on-premise networks in certain towns and cities. Not a single client in Superion’s data centers or in the Superion Cloud has faced these issues, even when they are using the same software product. We at Superion are committed to combating these attacks on local government systems by offering cloud-based secure environments that protect data for local governments facing an increasing number of cyber-security threats.
We continue to work closely with our customers to swiftly resolve and remediate this matter.