State site still turned off after security flaw found by people using it

UTAH STATE CAPITOL – The UDOT Express Pass registration site is still shut down after state officials learned of a flaw in the system, which would allow someone to look up some personal information of other customers.  Up to 21,000 customer accounts could have been vulnerable.  These details included names, email addresses, home addresses, the last four digits of credit card numbers and the answers to security questions.

Officials with the Department of Technology Services say the third party vendors who worked on the registration software are now fixing the vulnerability.  After that, Department Spokesperson Stephanie Weteling says they’ll do their own test to make sure the problem is resolved.  “When we are confident that the site is secure, we’ll put it back online,” she says, adding they  hope to have it fixed in the next day or two.

Department of Technology Services Spokesperson Stephanie Weteling says the info did not have social security numbers or complete credit card numbers, but still, there were too many personal details to be shared.  “If a bad actor had been able to [go] into the system, they could have potentially got some information.”

They don’t know if anyone searched through the site to mine for data, but, they’ve requested the log files to hopefully see if that happened.  “Our security team will comb through the log files to see what they can find,” Weteling says.

(Photo Credit: KSL TV)