Another payment portal breach-Here we go again: GovPayNow.com
Charles Parker, II
>_
Third party vendors have historically been the Achilles heel of the business world for years. The examples of this abound through the news feeds over the last seven years. The first, huge compromise based on this is the Target breach occurring proximate to the holidays, allowed by trusting explicitly a third party vendor. This vendor, a heating/cooling vendor, allowed their compromised system to deliver the malware to Target and make its way to the PoS system, and exfiltrate a mass amount of data, in the form of the Target customer’s credit card information.
While this was a rather large and eye-catching sized compromise, a recent breach approaches the relevant magnitude of this type of a mistake.
GovPayNow.com is a service used by government agencies to process payments. These payments were for law enforcement agencies, courts, correction facilities, departments of revenue, restitution payment, criminal fines, property taxes, and more. The company is based in Indianapolis, IN. This is a vital service for the government entity’s clients.
Unfortunately for the service and government agencies using the service, and their clients who used this, the service was compromised. Krebs on Security notified them on September 14, 2018. To make matters worse, the exfiltrated data was for approximately over 14M records or six years of data. This included the client’s name, address, phone number, and last four digits of the credit card number. The last four of the credit card number isn’t as critical as the rest of the data.
Two days post-notification by Krebs on Security, the service stated they had addressed “a potential issue”. It seems odd that a downplayed security issue (singular) would allow for this breach, fix any log records indicating who was there, and scrubbing any other data indicating who did this. The published accounts don’t indicate the attack vector. This could have been from a number of different sources using a myriad of unique tools and combination of these. This simply could be an aggressive phishing campaign.
Resources
Krebs, B. (2018, September 17). GovPayNow.com leaks 14m+ records. Retrieved from https://krebsonsecurity.com/category/data-breaches/ and https://krebsonsecurity.com/2018/09/govpaynow-com-leaks-14m-records
No comments:
Post a Comment