ParkMobile, a phone application used to electronically pay for parking in major cities across the U.S., said user data including license plate numbers and contact information was recently compromised.
In an email to users Thursday, ParkMobile said the user data, including license plate numbers, email addresses and phone numbers, was accessed due to a vulnerability in third-party software it uses.
ParkMobile, which is headquartered in Atlanta, Georgia, said it became aware of the cybersecurity incident in March and immediately launched an investigation with the help of an outside firm.
“We quickly eliminated the third-party vulnerability, and we continue to maintain our security and monitor our systems,” ParkMobile said in the email.
“Out of an abundance of caution, we also notified the appropriate law enforcement authorities,” ParkMobile told users.
ParkMobile stressed that no credit card information was accessed due to the incident and that it does not collect or store its users Social Security numbers, driver’s license numbers or birth dates.
“Only basic user information was accessed,” said ParkMobile, such as license plate numbers and contact information. Nicknames provided by some users for their automobiles were also accessed, it said.
ParkMobile added that user passwords were accessed, too, but it said they were encrypted using keys that were not compromised in the breach.
“No data related to a user’s parking transaction history was accessed,” ParkMobile said.
ParkMobile boasts of being available in hundreds of cities across 41 states and Washington, D.C. The company told The Washington Times that around 21 million records were accessed, including data for users in the D.C. metro area and elsewhere.
Copyright © 2021 The Washington Times, LLC.