Park by Phone data breach affects 5000 customers in Ireland

News by Robert Abel

The incident was initially reported to have occurred Thursday and was reported to the authorities the next day, but details have since emerged indicating that the first instance of the breach occurred in May, according to the Irish Examiner.

"The council reports that this compromised login allowed a third party to effectively masquerade as an APP on the desktop and automate access attempts and that the first instance of this breach occurred on May 22, 2018," the Data Protection Commission said in a statement, the publication said.

The DPC described the breach as an "unauthorised access and retention of personal data and the fraudulent use of parking credit," while emphasising that no personal bank account or payment card details were accessed or balances altered as a result of the incident.

Personal data including car registration numbers, email addresses and mobile phone numbers may have been compromised. Once the breach was identified, cybersecurity experts from KPMG were called in to investigate.

The city council also said it is taking steps to mitigate the consequences of the breach and that everyone who was affected will be notified.

NuData Security Vice President Ryan Wilk commented that while this breach did not include payment card data, threat actors are very talented when it comes to designing fraud schemes to take advantage of the information that was compromised.

"From phishing scams and dictionary attacks – where fraudsters try certain common passwords based on the user’s information – to synthetic identities; as little as an email address can go a long way in the hands of a bad actor," Wilk said. "Continued reliance on static information to authenticate a user will continue to expose companies to breaches."

As a consequence, he said, "several customer-facing organisations that transact online are adopting multi-layered technology solutions that incorporate passive biometrics and behavioural analytics technology to help make stolen data valueless by verifying users based on their inherent behaviour instead of relying on their data."
