Data and securityCyber SecurityParking app popular with councils suffers security breach

Parking app popular with councils suffers security breach

The RingGo smartphone parking app used by numerous councils up and down the country has exposed users to a serious data breach

The RingGo smartphone parking app used by numerous councils up and down the country has exposed users to a serious data breach.

A glitch with a new version of the iPhone app released last week meant that details of hundreds of registered users were exposed to other users.

A statement from Cobalt Telephone Technologies said:RingGo cashless parking released a new version of our iPhone app late on Tuesday 11 April.

“This all appeared to be working fine on Wednesday but on Thursday, during the peak rush hour, a glitch in the way the new app addressed the database meant that a small number of drivers were able to see high level details of other people’s accounts. As soon as the issue came to our attention we ran a fix and by 0930 no additional motorists’ info could be viewed.

“We believe the actual number of people who have been directly impacted is around 600. We are in the process of clearing all personal details from the 600 accounts and asking them to resubmit their info. Until this process is complete some users may still see the wrong details. This error is totally unacceptable and we apologise sincerely to those affected.

“There were 1,400 other accounts potentially affected as they were parking at the time the incident began. As a precaution we have disabled their passwords and contacted them with a new PIN so they can reset their passwords.

“We can assure customers that no useable payment card information was displayed – only the last four digits are shown. Some personal data could have been visible, such as name, vehicle registration. It would not be possible to use another’s account to pay for a parking session. We take the security of our customers’ data extremely seriously and a full investigation into the root cause is taking place so that this issue will not happen again.

“We followed standard data incident procedures and have already submitted a report covering this data issue to the ICO. We have also contacted, by email, phone and SMS, those affected.”

Related Articles

NCSC defends UK from more than 10 cyber attacks a week

Cyber Security NCSC defends UK from more than 10 cyber attacks a week

6d Austin Clark
GDS clarifies private sector access to GOV.UK Verify

Cyber Security GDS clarifies private sector access to GOV.UK Verify

1w Austin Clark
Is automation essential in the cyber security battle?

Cyber Security Is automation essential in the cyber security battle?

1m Austin Clark
Please mind the security gap between the premises and the cloud

Cloud Computing Please mind the security gap between the premises and the cloud

1m Guest Writer
NHS trusts not discouraging WhatsApp, Facebook Messenger and other consumer apps

Cyber Security NHS trusts not discouraging WhatsApp, Facebook Messenger and other consumer apps

2m Austin Clark
Best form of defence: Is the Government's cyber strategy on the right track?

Cyber Security Best form of defence: Is the Government's cyber strategy on the right track?

2m Guest Writer
Making the cloud a safe space

Cloud Computing Making the cloud a safe space

2m Guest Writer
Leading cyberlaw academic calls for review of CCTV and AFR implementation

Cyber Security Leading cyberlaw academic calls for review of CCTV and AFR implementation

3m Austin Clark