The mobile parking service – Park By Text – allows users of certain car parks to pay on their smartphones have announced they’ve been subject to a cyberattack, and customers may have had personal information stolen as a result.
Park By Text reportedly discovered malicious software in their systems after a service outage. The company says they do not think any customer information was stolen, but “cannot say this with 100% certainty at this stage”, or at least until investigations come to a close.
Potential hack discovered
The service outage was reportedly resolved quickly, but not before the knock-on effect of technical problems in the data centre:
“A resolution at the time was to move to a different network and run the system as normal. We then noticed a potentially malicious software on our server and immediately addressed this.”
Park By Text began investigations in to the potential hack, but assures customers that login details for individual accounts were apparently not breached, and that passwords are encrypted. Encryption is a simple yet effective method of protecting data where an encryption key is used to scramble data into intelligible code that can’t be read unless the decryption code is used, or severely attacked.
Banking information safe?
Banking information is thought to have not been exposed in the suspected hack:
“In addition, credit/ debit card information is stored on our payment provider’s server and is encrypted. This information remains secure and complies with the best practice industry standards (PCI certified) and would not have been breached either.”
Having covered many data breaches, it’s actually quite refreshing to find a company who has encrypted some of the information they hold for customers. Cybersecurity experts asked to analyse data breaches always recommend encrypting data at the very least, and we blog about many instances where no encryption was used at all.
What may have been breached?
They admitted that some information could potentially have been breached as follows:
- Car registration numbers
- Mobile numbers
- Email addresses
- Permit holder submission forms
- Proof of address and licences
The company has apologised to customers for the incident and for the potential breach of information.
Even a phone number being hacked can be a real nuisance for the victims. Hackers could sell mobile numbers and email addresses to companies who may try to market directly by cold calling, texting or emailing prospective customers. Criminals could also hit victims with scams and phishing emails tailored to the individual as well.
In this case, criminals could send emails to the stolen email addresses quoting their car registration numbers and announcing that the owner is eligible for a car tax refund, or provide a fake inflated valuation to entice the individual into clicking an unsafe link.
The result is that even a little information can allow a criminal to go along way.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.