Europe's largest parking app operator has reported itself to information regulators in the EU and UK after hackers stole customer data.
EasyPark Group, the owner of brands including RingGo and ParkMobile, said customer names, phone numbers, addresses, email addresses and parts of credit card numbers had been taken but said parking data had not been compromised in the cyber-attack.
The company did not say how many of its users had been affected, beyond detailing that 950 RingGo users in the UK were involved.
The hack highlights the increasing centralisation of parking services across the world, as apps, websites and automated phone lines replace physical meters and parking attendants.
Operating machines is much more expensive but they do not require personal data to make payments and can be used by people who rely on cash, such as many older drivers.
The central collection of location data is particularly sensitive because it could be used to physically track people.
EasyPark has said it is Europe's biggest parking app in terms of coverage.
The company and rivals such as the Volkswagen-owned PayByPhone and JustPark in Europe and ParkWhiz and SpotHero in the US are racing to cover as much of the world as possible, often incurring steep losses while snapping up competitors.
EasyPark is owned by the private equity investors Vitruvian Partners and Verdane, which bought it from BMW and Daimler in 2021.
Its EasyPark, ParkMobile, RingGo and Park-line apps operate in more than 4,000 cities across 23 countries, including the US, Australia, New Zealand and most western European states such as Germany, France, Spain, Italy and the UK. The company said its ParkMobile brand, which has 50 million users in the US, had not been affected.
Users of RingGo had been affected because some of its services were integrated with the EasyPark technology, but the RingGo platform was not breached, it said.
The company was not yet aware of instances of the data being used or published, and had not received a ransom demand.
Free daily newsletter Get set for the working day - we'll point you to all the business news and analysis you need every morning.
Privacy Notice: Newsletters may contain info about charities, online ads, and content funded by outside parties.
EasyPark Group said it discovered the breach on 10 December, and started informing all affected customers days later.
Sweden's privacy regulator has been notified as the lead authority for the EU, while the Information Commissioner's Office in the UK and the Swiss data regulator have also been informed.
It warned that customers should be mindful of phishing, when attackers use some information to fool people into giving away money or payment details.
This Cyber News was published on packetstormsecurity.com. Publication date: Wed, 27 Dec 2023 15:13:07 +0000