Once again, a website flaw leaked data of millions of customers online. This time, it is the website of the Government Payment Service Inc. ‘GovPayNow’ that exposed 14 million records. A security researcher discovered the flaw that leaked personal details of the users and informed the firm.
GovPayNow Data Leaked Online Due To Website Error
As disclosed by KrebsOnSecurity, the official website of Government Payment Service, Inc. inadvertently leaked millions of customer records online. GovPayNow is an online payment service that processes payments on behalf of government institutions. Based in Indianapolis, the portal allegedly provides services to thousands of state and local government entities in the US.
On September 14, 2018, KrebsOnSecurity notified the firm of the error that leaked customer data. As stated by Brian Krebs in his blog, he found the site exposing records from the previous six years (that is, going back to 2012). The leaked data contained receipts of around 14 million customers who used the GovPayNow website. The details included customer names, contact numbers, addresses, and the last four digits of their credit cards.
After two days, the researcher received a statement from the firm acknowledging the alert. They also confirmed that they patched the flaw in their online system that exposed copies of receipts to other users.
Moreover, they said they had no indication that the leaked data had been used to harm any customer. As mentioned in their statement,
“The company has no indication that any improperly accessed information was used to harm any customer, and receipts do not contain information that can be used to initiate a financial transaction. Additionally, most information in the receipts is a matter of public record that may be accessed through other means. Nonetheless, out of an abundance of caution and to maximize security for users, GovPayNet has updated this system to ensure that only authorized users will be able to view their individual receipts.”
GovPayNow Data Leak – Just Another Incident Of Data Exposure Through Website
This isn’t the first time that a firm has exposed user records online due to a site error. In the past, the same researcher pointed out a bug in LifeLock’s website that exposed customers’ email addresses. Besides, just a couple of weeks ago, Fiserv – a financial service provider firm – leaked data of several banks due to a glitch in its web platform. The present incident therefore appears to continue a trail of data leaks through firms’ own systems. The growing frequency of such incidents serves as a red flag for corporate service providers to improve their online security.