Government Payment Services, Inc. (GovPayNet), a secure electronic payment solution that facilitates online payments of anything from traffic citations to child support, has exposed the personal information of more than 14 million customers. According to KrebsOnSecurity, the data leak included names, addresses, phone numbers, and partial credit card information dating back to 2012.
The Indianapolis-based company partners with over 2,600 agencies in 36 states. GovPayNet accepts Mastercard, Visa, American Express, and Discover, as well as debit cards.
How the Data Leak Occurred
On Friday, September 14, 2018, Krebs identified a vulnerability on GovPayNet’s e-commerce site, GovPayNow.com. After making a payment, the site displayed an online customer receipt with a record number displayed in the Web address. Simply altering the digits in the URL made it possible to view millions of customer records.
Each record was numbered sequentially, making it easy for anyone to quickly capture people’s personal information. This data exposure could have easily been prevented by simply using encryption or randomizing record numbers.
The company said it has addressed the issue and is implementing increased security measures.
Data Breaches and Identity Crimes
On September 5, 2018, the Identity Theft Resource Center reported that there have already been 864 reported data breaches in the U.S. this year. Over the last 30 days, T-Mobile experienced a breach affecting more than 2 million customers, and British Airways experience a hack of 380,000 travelers. September also marks the one-year anniversary of the Equifax mega breach, which exposed the Social Security numbers of 145.5 million consumers.
It’s safe to say that your personal information has been involved in at least one major data breach – and once it is exposed, you are forever vulnerable. In fact, according to Javelin Strategy & Research, 1 in 3 victims of a data breach later experience identity fraud.
Don’t Become Another Statistic
Now is the time to act. Hackers and identity thieves are constantly sifting through our personally identifiable information and wreaking havoc on people’s lives.
Join EZShield + IdentityForce on Wednesday, September 26th for our latest 15-minute webinar series, One Year Later: The Personal & Business Impact of the Equifax Mega Breach. You’ll gain critical recommendations and actionable insights on how to protect your personal information, along with additional resources to share with your employees, customers, partners, family, and friends.