GovPayNow.com a company which manages payment system of U.S state and local government has leaked over 14 million customer records.
The breach exposed customer records dating back to 2012 and leaked data includes names, addresses, phone numbers and the last four digits of the customer’s credit card.
Government Payment Service Inc. is an Indianapolis based company which is used by U.S government agencies to accept payment from customers related to court-ordered fines, local government fees, traffic fines etc. after the payment is made the company will provide an online receipt.
GovPayNow.com is used by approximately 2300 government agencies in 25 states.
The company responded by a statement to KrebsOnSecurity that “GovPayNet has addressed a potential issue with our online system that allows users to access copies of their receipts, but did not adequately restrict access only to authorized recipients”.
The company also said that they did not find any indication of misuse of data and information found on receipt cannot be used to initiate a financial transaction.
“Additionally, most information in the receipts is a matter of public record that may be accessed through other means. Nonetheless, out of an abundance of caution and to maximize security for users, GovPayNet has updated this system to ensure that only authorized users will be able to view their individual receipts. We will continue to evaluate security and access to all systems and customer records.” said in the statement provided to KrebsOnSecurity by the company.
You may be interested in reading:42 Million Records of Credential Stuffing Data Discovered on the Free Hosting Service Kayo.moe