Millions of records were accessible through a now-fixed vulnerability, company from the last six years, where officials claim that there is no sign of data being misused. One of the popular payment portals within the government agencies has potentially exposed the personal information of millions of citizens while there has been no confirmation of any exploitation of customer data. Now, the vendor community has advised public agencies to be cautious with the forward movements.
Government Payment Service Inc., online website GovPayNet, works with 2,300 government agencies across 35 states handling payment from parking tickets and licensing, confirmed a spokesman.
News and investigations website created by former Washington Post reporter Brian Krebs- Krebsonsecurity.com has reported on Sept. 18 that it has already alerted Indiana-based Government Payment Services Inc. about the inadvertent exposure of “at least 14 million customer receipts, dating back to 2012. In this report, the situation of the leaking of more than 14 million customer records dating back at least six years which includes names, addresses, phone numbers as well as the last four digits of the payer’s credit card.
Further it reads that till the last weekend, it might be possible to view millions of customer records by simple alteration of digits in the Web address displayed, adding to which he states that he, attempted to alert the company to the situation on Sept. 14 and received a response two days later showing it had reacted to the potential issue.
GovPayNet states that, majority of the information in the receipts is “a public record that may be accessed through other means as well”, and because of the abundance of caution and to improve the security for its users, the company has updated its system in order to make sure only authorized users to view individual receipts the company reported
But, it still remains unclear which state and local governments utilize GovPayNet’s services.