Parkbytext customer info may have been breached

Parking operator says passwords and credit/debit card details protected

Motorists who use the parkbytext mobile and online service were informed by email earlier this week that their information may have been breached. Photograph: Eric Luke/The Irish Times

Motorists who use the parkbytext mobile and online service were informed by email earlier this week that their information may have been breached. Photograph: Eric Luke/The Irish Times

 

Phone numbers, email and home addresses, and vehicle registrations of Parkbytext customers may have been breached by “malicious software” during a service outage last week.

The mobile phone parking operator experienced an outage last week which was later resolved.

However, the company said on Friday that it could not confirm “with 100 per cent certainty” that customer data had not been breached during the incident.

It confirmed that customer passwords and credit/debit card details, which were encrypted, had not been compromised.

Parkbytext said that “information which may have been accessed includes mobile phone number, vehicle registration, email address, and permit application details [address and licence]”.

The company said it had strengthened its systems to ensure the protection of customer data and that it planned to introduce “additional levels of security as further preventative and security measures”.

An investigation into the potential security breach is ongoing.

Motorists who use the Parkbytext mobile and online service were informed by email earlier this week that information including “account details for car registration, mobile number, email, and proof of address and licence” may have been breached during the outage when “a potentially malicious software” entered the server.

A spokeswoman for the Data Protection Commissioner (DPC) said Parkbytext had notified the office of the potential breach, in line with the commissioner’s code of conduct, and that an investigation was ongoing.

The commissioner’s office said Parkbytext was obliged to keep personal data safe and secure and to communicate with customers when that security had been compromised.

“In the event that a breach of personal data is established, customers retain the right to raise a complaint with the DPC in respect of their own personal data.”

Asked whether Dublin City Council’s Parking Tag system had suffered any similar breaches, a spokeswoman said no malicious software had entered the server.

She said the council was acutely aware of the sensitivity of personal data and treated all information with “the highest levels of security” using anti-virus malware protection, strong network controls, regular vulnerability scans, penetration tests and secure coding standards.

The Central Bank of Ireland warned that firms should take extra measures to protect the personal data of their customers given the rise in incidences of cyber-attacks and business interruptions.

Customers concerned about the breach are invited to contact the Parkbytext customer service team with any queries.