Reading:
Tesco Parking App Data Leak
Share:
car hacking

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Tesco Parking App Data Leak

Last month, the Tesco parking app data leak was discovered by The Register, and it involved the exposure of tens of millions of number plate images.

It was one of those cases of information that had been accidentally left exposed, and was accessible to anyone who came across it. It was also a clear example of one of the issues we’ve been talking about lately, which is the weaknesses that come with outsourcing information services.

Your defence is only as good as your weakest link, and when there are more links in the chain that arise from outsourcing, data controllers need to be vigilant.

About the Tesco parking app data leak

The Register discovered the Tesco parking app data leak – software used for parking validation – which involved tens of millions of images that had been used for ANPR (Automatic Number Plate Recognition).

The images were reportedly of vehicles that had left and entered 19 of the Tesco’s car parks across the country, and the number plates were visible in timestamped images. The data was discovered on an unsecured Microsoft Azure blob, which reportedly powered the outsourced app. There were no login or authentication controls in place, meaning anyone could access the information online.

The operator behind the blob, Ranger Services, is said to be looking into how the data leak has happened. It’s understood that the blob may have been left open during a planned migration of data, but it remains unknown as to how long the information was left exposed for.

A spokesperson from Tesco said:

“A technical issue with a parking app meant that for a short period historic images and times of cars entering and exiting our car parks were accessible. Whilst no images of people, nor any sensitive data were available, any security breach is unacceptable and we have now disabled the app as we work with our service provider to ensure it doesn’t happen again.”

Outsourcing dangers

The Tesco parking app data leak is a clear example of the dangers of outsourcing information. I’m sure Tesco would have expected the information to have been stored safely, but it took the accidental discovery of the unsecure data to raise the alarm about it.

As we often say, organisations are only as strong as their weakest link. As more and more information is digitalised, and outsourcing continues to grow, we’ll probably see increasing volumes of these kinds of data leaks. As each day passes, we take on more data leak compensation claims for both individual actions, and for group and multi-party actions.

For the victims, the outcome remains the same. Their personal information is leaked or exposed through no fault of their own.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon