In what has become a common occurrence, another company—this time a credit card payment processing start-up —has suffered an accidental overexposure. A Paay data exposure left credit card details and transactions exposed for anyone to see. Accidental overexposures happen when a database of information is stored in an online or cloud-based server, then the information’s owner fails to protect it with a password. The result is the data housed in the database is open for anyone to discover online.
The New York-based processor acknowledged on April 3 that the incident happened after the data was discovered by a security researcher. The researcher contacted Tech Crunch for help in verifying the information and notifying the company so they could take protective steps. After further review, Paay discovered that the database involved had been unsecured for about three weeks, containing more than two million separate card transaction records dating back to September 2019.
One of the major factors in several data breaches recently is the failure to protect information that the company did not even realize they had. Experts have cautioned businesses to delete information they do not need to store and to stop collecting information that they do not need. In this case, it appears that Paay might not have been aware they stored credit card numbers and then failed to protect that data as a result.
Paay will issue data breach notification letters to the individual consumers whose numbers were left exposed in the Paay data exposure. While expiration dates were visible in this incident, no security codes or account holders’ names were compromised. In the event anyone’s card number was exposed, it is a good idea to contact their financial institution for a new card number. Those affected should also monitor their accounts closely for any suspicious activity and unauthorized transactions.
In the Paay data exposure or any other incident, anyone who suspects their identity has been used fraudulently should file a police report. If anyone needs further assistance, they can call the Identity Theft Resource Center toll-free at 888.400.5530, or live chat with an expert advisor. The ITRC also offers a free app for iOS and Android called the IDTheftHelp app, which offers resources, a location to store the steps victims have completed and the option to chat with an agent.
You might also like…