Breach Breakdown: GovPayNow Leaks 14M+ Records

September 21, 2018

What Happened:

GovPayNet (GovPayNow.com) is the latest victim of a data leak. The online payment company is used by more than 2,000 government agencies in 35 states for online payment of everything from traffic citations to court-ordered fines.
 
On September 14, 2018, it was discovered that more than 14 million customer records could be accessed by altering the digits in the Web address displayed by each receipt. Two days later, GovPayNet fixed the issue. The company issued a statement that there is no sign of misuse of the accessed information. The system has now been updated to ensure only authorized users are able to review receipts.
 

How to Prevent Data Leaks:

Data leaks like this are preventable by using something other than sequential record numbers and/or encrypting unique portions of the URL displayed.
Brite-Banners