Over 14 million records exposed by US government payment service

Tuesday 18 September 2018 10:57 CET | News

Government Payment Service has exposed at least 14 million customer receipts dating back to 2012, according to security expert Brian Krebs.

Indianapolis-based GovPayNet serves approximately 2,300 government agencies in 35 states and it is used by thousands of US state and local governments to accept online payments for everything from traffic citations and licensing fees to bail payments and court-ordered fines. Thus, more than 14 million customer records were leaked, exposing personal info such as names, addresses, phone numbers and the last four digits of the payer’s credit card.

Millions of customer records could be viewed simply by altering digits in the Web address displayed by each receipt, before the flaw was revealed. On Friday, September 14, KrebsOnSecurity alerted GovPayNet that its site was exposing customer receipts. Two days later, the company said it had addressed “a potential issue” and released an official statement.

According to the document, there is no indication that any improperly accessed information was used to harm any customer, and receipts do not contain information that can be used to initiate a financial transaction.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Brian Krebs, data breach, personal information exposed, fraud prevention, online security, US, Government Payment Service
Countries: World