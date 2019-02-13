A tech company blamed for mishandling a cyberattack that exposed credit card and personal information belonging to thousands of New Brunswickers will retain its contract with the city of Saint John for at least the next two years.

CentralSquare Technologies is deeply tied to the city's IT department and responsible for such things as payroll, purchasing and accounts payable.

The company also handles water and sewage bills, work orders, and building code enforcement.

A report to city councillors Monday describes CentralSquare's services as "core to enabling public service delivery and the financial management of the city."

But councillors weren't impressed on Dec. 21 when city IT staff learned via an online tech industry news story that Saint John was one of 47 cities whose click2gov parking fine servers had been hacked.

That story, published Dec. 19, along with an earlier article from another site, stated 6,000 people were left exposed after paying Saint John parking fines using credit cards online.

"Why weren't we notified? Why did we have to find out in an article?" asked Mayor Don Darling in a Jan. 28 interview. "It wouldn't meet my definition of a partnership [with CentralSquare]."

Saint John Mayor Don Darling: 'We have no choice but to continue working with the organization.' Darling described the incident as a potential breach of the company's contract with the city.

But on Monday night city councillors passed a motion, with no discussion, to cut a cheque for $192,000 to pay for maintenance and support in 2019 for applications related to the city's enterprise resource planning (ERP) system.

A second part to the motion approved future maintenance and support payments to CentralSquare until a new ERP system is put in place.

The staff report notes it would take at least two years to replace the system.

"How does it relate to the breach that we had and what our future options may be, those are going to be continued to be explored," said Darling Monday. "But … we have no choice but to continue working with the organization just because of how integrated it is."

Darling says it would be a "multi-million dollar project" to replace the existing ERP system.

Although the online parking fine payment system remains offline, the city also continues to pay CentralSquare Technologies for the service.

Darling said he does not know when the system can be restored.

CentralSquare Technologies issued a statement Jan. 29 saying security issues took place "in certain towns and cities that choose to host their own systems locally," rather than in the company's cloud.

The statement, which is not attributed, says for safety and security reasons the company cannot comment on customers, their environments or their security.

