[BreachExchange] Car parking app shares 2000 customers' private details after company suffers glitch

Audrey McNeil audrey at riskbasedsecurity.com
Mon Apr 17 18:52:54 EDT 2017 

http://www.telegraph.co.uk/news/2017/04/15/car-parking-
app-customers-personal-data-shared-others-company/


Thousands of users of a parking app may have had their personal details
shared with other customers.

Around 2,000 customers of the parking app RingGo were presented with other
people's details when they logged into the service.

Many took to Twitter to complain of seeing people's names, vehicle
registrations, email addresses and even credit card details.

The app allows users to register several cars and pay to park them in
hundreds of locations across the country.

One customer, John Rust, tweeted: "Just got a call from a guy who logged
into @RingGo_parking app and it loaded my personal info - he phoned my
mobile number that was revealed."

Another, Thomas Bathurst, branding the incident "awful", reported seeing
credit card information and car details.

The company confirmed the problem occurred after a new version of the app
was released in on Tuesday and said a full investigation was being launched
and a report had been submitted to the Information Commissioner's Office.

But on Thursday a glitch in the database meant some drivers were able to
see details from other accounts during peak rush hour.

A spokesman from RingGo yesterday confirmed the data breach.

He said: "As soon as the issue came to our attention we ran a fix and by
0930 no additional motorists’ info could be viewed.

"We believe the actual number of people who have been directly impacted is
around 600.

"This error is totally unacceptable and we apologise sincerely to those
affected."

The spokesperson said a further 1400 accounts had potentially been affected
because they were parking at the time the incident began.

They added: "We can assure customers that no useable payment card
information was displayed – only the last 4 digits are shown.  Some
personal data could have been visible, eg name, vehicle registration."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170417/64ced236/attachment.html>

More information about the BreachExchange mailing list