GovPayNow Website Leaked Data Of 14 Million Customers Publicly

  • 51
  •  
  •  
  •  
  •  
  •  
  •  
    51
    Shares

Once again, a website flaw leaked data of millions of customers online. This time, it is the website of the Government Payment Service Inc. ‘GovPayNow’ that exposed 14 million records. A security researcher discovered the flaw that leaked personal details of the users and informed the firm.

GovPayNow Data Leaked Online Due To Website Error

As disclosed by KrebsOnSecurity, the official website of Government Payment Service, Inc. inadvertently leaked millions of customer records online. GovPayNow is an online payment service facilitating government institutions for processing payments. Based in Indianapolis, the portal allegedly provides services to thousands of state and local government entities in the US.

On September 14, 2018, KrebsOnSecurity notified the firm of the error that leaked customer data. As stated by Brian Krebs in his blog, he found the site exposing records over the previous six years (that is, until 2012). The leaked data contained receipts of around 14 million customers that collaborated with GovPayNow website. The details included customer names, contact numbers, addresses, and the last four digits of their credit cards.

After two days, the researcher received a statement from the firm acknowledging the alert. They also confirmed that they patched the flaw in their online system that exposed copies of receipts to other users.

Moreover, they also confirmed that the leaked data remained safe from any improper access. As mentioned in their statement,

“The company has no indication that any improperly accessed information was used to harm any customer, and receipts do not contain information that can be used to initiate a financial transaction. Additionally, most information in the receipts is a matter of public record that may be accessed through other means. Nonetheless, out of an abundance of caution and to maximize security for users, GovPayNet has updated this system to ensure that only authorized users will be able to view their individual receipts.”

GovPayNow Data Leak – Just Another Incident Of Data Exposure Through Website

This isn’t the first time that a firm exposed user records online due to a site error. In the past, the same researcher pointed out the bug in LifeLock’s website that exposed customers’ email address. Besides, just a couple of weeks ago, Fiserv – a financial service provider firm – explicitly leaked data of several banks due to a glitch in its web platform. Therefore, the present incidence appears to be a continuation of the trail of data leaks through firms’ own systems. Nonetheless, the growing frequency of such incidences indeed serves as a red flag for corporate service providers to improve their online security.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!