Description
I understand that there was a data breach of the parking system used by Medford. Learned of this only bc of a resource I am signed up to use, but not from that company itself. All users need to be notified to safeguard their personal information.
4 Comments
Medford, MA (Verified Official)
Mr. Sea (Registered User)
Medford Police Traffic Unit (Verified Official)
Closed Nate - ParkMedford (Registered User)
Republic has learned that ParkMobile recently reported a data incident related to Parkmobile’s mobile payment app. This was not a Republic data incident. Nonetheless, Republic has contacted ParkMobile for information. Republic has learned that ParkMobile is in the process of directly contacting those users who elected to use the ParkMobile app, and Republic has received a copy of that ParkMobile email to users, a copy of which is included below.
Please also see the same information located at: https://support.parkmobile.io/hc/en-us/articles/360058639032-Security-Notification-March-2021
FROM PARKMOBILE TO APP USERS:
Subject: Important Security Update
In March, ParkMobile became aware of a cybersecurity incident linked to a vulnerability in a third-party software that we use. In response, we immediately launched an investigation with the assistance of a leading cybersecurity firm to address the incident. We quickly eliminated the third-party vulnerability, and we continue to maintain our security and monitor our systems. Out of an abundance of caution, we also notified the appropriate law enforcement authorities.
We recently concluded our investigation and are now updating our users of the findings. Below are the key points about the incident.
The investigation confirmed that no credit card information was accessed.
No data related to a user’s parking transaction history was accessed.
Only basic user information was accessed. This includes license plate numbers, as well as email addresses, phone numbers, and vehicle nicknames, if provided by the user. In a small percentage of cases, mailing addresses were also affected.
Encrypted passwords were accessed, but not the encryption keys required to read them. We protect user passwords by encrypting them with advanced hashing and salting technologies.
We do not collect Social Security numbers, driver’s license numbers, or dates of birth.
We take extensive measures to protect user passwords. However, as an added precaution, users can change their password in the “Settings” section of the ParkMobile app or on the web by clicking this link. We recommend always using unique passwords for different online accounts.
As the largest parking app in the U.S., the trust of our users is our top priority. Please rest assured we take seriously our responsibility to safeguard the security of our users’ information.