Government Website Vulnerability Exposes Over 14 Million Customers

Government Website Vulnerability Exposes Over 14 Million Customer Records

U.S. government payment site GovPayNow.com had poor security measures risking data leaks as far back as 2012

  • By Jordan Lutke
  • Sep 20, 2018

A website used by thousands of local governments in the U.S. to accept online payments has been found to contain a security vulnerability which put over 14 million customers at risk of having their data accessed.

GovPayNet, run by the company Government Payment Service Inc., processes customer payments for everything from tax payments and licensing fees to court-ordered fines and restitution payments. A very simple vulnerability caused at least 6 years of customer receipts to be made available to anyone with the keyboard savvy to change a few numbers in the URL bar of a browser.

GovPayNow.com stresses that customers are now safe, and stated there was “no indication that any improperly accessed information was used to harm any customer.” The systems have been updated to close the security gap since the vulnerability was made public by KrebsOnSecurity, a security investigation website.

Web security experts found the vulnerability exasperating. Terry Ray, CTO of the cybersecurity firm Imperva, said security loopholes like this should have been closed over a decade ago.

“I don’t know where the break-down in the process was for Govpaynow.com, but something definitely didn’t happen as it should,” Ray said. “Web site usage or attacks of this type, whichever you prefer to call the situation, are avoidable.”

Chris Olson, CEO of The Media Trust, explained that these vulnerabilities are even more dangerous when found on government websites.

“Hackers target government websites for three reasons,” Olson said. “First they draw thousands, if not millions, of users who enter sensitive, personally identifiable information in order to access services or make payments. Second, they are often poorly defended as a result of limited budgets and the preponderance of legacy systems, machines, and software. Third, their digital third parties also often have inadequate security measures and practices.”

Government Payment Services Inc was acquired by Securus Technologies early in 2018. The Texas-based telecommunications company has already come under fire this year for lax security, when hackers stole the credentials of law enforcement officers off its system, in May.

KrebsOnSecurity noted that, as cybersecurity experts stated above, closing these gaps is remarkably simple.

About the Author

Jordan Lutke is an intern with 1105 Media.

Featured

  • Cost: Reactive vs. Proactive Security

    Security breaches often happen despite the availability of tools to prevent them. To combat this problem, the industry is shifting from reactive correction to proactive protection. This article will examine why so many security leaders have realized they must “lead before the breach” – not after. Read Now

  • Achieving Clear Audio

    In today’s ever-changing world of security and risk management, effective communication via an intercom and door entry communication system is a critical communication tool to keep a facility’s staff, visitors and vendors safe. Read Now

  • Beyond Apps: Access Control for Today’s Residents

    The modern resident lives in an app-saturated world. From banking to grocery delivery, fitness tracking to ridesharing, nearly every service demands another download. But when it comes to accessing the place you live, most people do not want to clutter their phone with yet another app, especially if its only purpose is to open a door. Read Now

  • Survey: 48 Percent of Worshippers Feel Less Safe Attending In-Person Services

    Almost half (48%) of those who attend religious services say they feel less safe attending in-person due to rising acts of violence at places of worship. In fact, 39% report these safety concerns have led them to change how often they attend in-person services, according to new research from Verkada conducted online by The Harris Poll among 1,123 U.S. adults who attend a religious service or event at least once a month. Read Now

  • AI Used as Part of Sophisticated Espionage Campaign

    A cybersecurity inflection point has been reached in which AI models has become genuinely useful in cybersecurity operation. But to no surprise, they can used for both good works and ill will. Systemic evaluations show cyber capabilities double in six months, and they have been tracking real-world cyberattacks showing how malicious actors were using AI capabilities. These capabilities were predicted and are expected to evolve, but what stood out for researchers was how quickly they have done so, at scale. Read Now

Most   Popular

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.