The RingGo smartphone parking app used by numerous councils up and down the country has exposed users to a serious data breach.
A glitch with a new version of the iPhone app released last week meant that details of hundreds of registered users were exposed to other users.
A statement from Cobalt Telephone Technologies said: “RingGo cashless parking released a new version of our iPhone app late on Tuesday 11 April.
“This all appeared to be working fine on Wednesday but on Thursday, during the peak rush hour, a glitch in the way the new app addressed the database meant that a small number of drivers were able to see high level details of other people’s accounts. As soon as the issue came to our attention we ran a fix and by 0930 no additional motorists’ info could be viewed.
“We believe the actual number of people who have been directly impacted is around 600. We are in the process of clearing all personal details from the 600 accounts and asking them to resubmit their info. Until this process is complete some users may still see the wrong details. This error is totally unacceptable and we apologise sincerely to those affected.
“There were 1,400 other accounts potentially affected as they were parking at the time the incident began. As a precaution we have disabled their passwords and contacted them with a new PIN so they can reset their passwords.
“We can assure customers that no useable payment card information was displayed – only the last four digits are shown. Some personal data could have been visible, such as name, vehicle registration. It would not be possible to use another’s account to pay for a parking session. We take the security of our customers’ data extremely seriously and a full investigation into the root cause is taking place so that this issue will not happen again.
“We followed standard data incident procedures and have already submitted a report covering this data issue to the ICO. We have also contacted, by email, phone and SMS, those affected.”
What that work entails is the big question for most local authorities – and the subject of a new blog by Agilisys
The results of the 2017 Global Encryption Trends Study show that cloud adoption and escalating threats are accelerating the adoption of encryption technology
The Government will require all of its contractors that handle sensitive data to hold a Cyber Essentials certificate
Survey reveals councils need to do much more to protect data - with a quarter yet to appoint a data protection officer