MOBILE, Ala. (WKRG) — ParkMobile, the app used by Republic Parking to accept electronic payments for parking in downtown Mobile, has reported a security incident.
The company says no credit card or parking transaction history was accessed. It says basic information, such as email addresses, phone numbers, and license plate numbers, was accessed.
The City of Mobile says they contract with Republic Parking System, which uses ParkMobile to accept electronic payments. We have reached out to Republic Parking.
Full statement from ParkMobile:
ParkMobile became aware of a cybersecurity incident in March linked to a vulnerability in a third-party software that we use. In response, we immediately launched an investigation with the assistance of a leading cybersecurity firm to address the incident. We quickly eliminated the third-party vulnerability, and we continue to maintain our security and monitor our systems. Out of an abundance of caution, we also notified the appropriate law enforcement authorities.
The City of Mobile released the following statement:
The City contracts with Republic Parking System, which uses the ParkMobile smartphone app to accept electronic payments. The City of Mobile does not operate the app, but we were made aware of a limited breach ParkMobile reported to Republic Parking System. I have included information that was shared with Republic recapping ParkMobile’s investigation of the breach and encouraging users to change their passwords as an extra precaution. We would encourage any users in Mobile to do the same.
ParkMobile later sent the following statement:
“Our investigation concluded that encrypted passwords, but not the encryption keys needed to read them, were accessed. While we protect user passwords by encrypting them with advanced hashing and salting technologies, as an added precaution, we have communicated to users via our support page that they may consider changing their passwords. In the coming days we plan to communicate through other channels as well. Our investigation has confirmed that basic account information – license plate numbers and, if provided by the user, email addresses and/or phone numbers, and vehicle nicknames – was accessed. In a small percentage of cases, mailing addresses were affected. No credit cards or parking transaction history were accessed, and we do not collect Social Security numbers, driver’s license numbers, or dates of birth. Please rest assured we take seriously our responsibility to safeguard the security of client and user information and appreciate your continued trust.”
We recently concluded our investigation and are now updating our users of the findings. Users will get an in-app notification, an email, and there is a notice posted in the app on our website.
Below are the key points about the incident.
- The investigation confirmed that no credit card information was accessed.
- No data related to a user’s parking transaction history was accessed.
- Only basic user information was accessed. This includes license plate numbers, as well as email addresses, phone numbers, and vehicle nicknames, if provided by the user. In a small percentage of cases, mailing addresses were also affected.
- Encrypted passwords were accessed, but not the encryption keys required to read them. We protect user passwords by encrypting them with advanced hashing and salting technologies.
- We do not collect Social Security numbers, driver’s license numbers, or dates of birth.
We take extensive measures to protect user passwords. However, as an added precaution, users can change their password in the “Settings” section of the ParkMobile app or on the web by clicking this link. We recommend always using unique passwords for different online accounts.
If users need help changing their password, they can click here to get step-by-step instructions.
As the largest parking app in the U.S., the trust of our users is our top priority. Please rest assured we take seriously our responsibility to safeguard the security of our users’ information.