Companies dealing with government agencies and state online payments in the US have become a central part of the security incident leading to a potential exposure of 14 million records.
According to security expert Brian Krebs, Government Payment Service Inc., which is operated under the name of GovPayNet and manages the GovPayNow.com domain, has released customer data for at least six years.
Mr. Krebs said on Monday 's blog that the information displayed includes the last name, address, telephone number and the last four digits of the credit card submitted through the online payment system.
In total, more than 14 million customer files were infringed.
The company based in Indianapolis is used to process payments on behalf of government agencies.
Government agencies contracting services can use payment gates to process payments related to law enforcement agencies, courts, correctional facilities, compensation payments, fines, property taxes, etc.
See also: Apple iOS 12 Security Update Safari Spoofing Attack, Data Leakage, and Kernel Memory Gap
Visa, MasterCard, American Express, Discover cards are accepted at the gateway. When payment is made, an online receipt will be issued to the customer.
Security researchers said in 2012 that they could see the customer record by clearing the numbers displayed on the receipt with the portal web address until the weekend.
TechRepublic: Why 31% of data breaches lead to employee dismissal
GovPayNet was relatively modest about this incident. Two days later, after Krebs informed the company of the show, the company had stated that "potential problems" were resolved.
"GovPayNet solves the potential problems of online systems and users can access copies of receipts, but they are not restricting access to authorized recipients," the company said in a statement . It was transmitted. "There is no indication that illegitimately accessed information is used to hurt customers and that receipts do not contain information to initiate financial transactions"
"In addition, most of the information on the receipt has access to the information published by other means," GovPayNet added.
CNET: Equifax data violation by number: complete ventilation
Earlier this month, British Airlines British Airways said that …
I hope you like the news GovPayNow payment portal may have exposed over 14 million customer records. Stay Tuned For More Updates 🙂