ParkMobile, an app that lets drivers in a handful of Massachusetts cities pay parking meter charges from their cellphones, on Wednesday notified users that license plate numbers and other “general account information” but no credit card numbers were accessed during a March cybersecurity incident.
Information exposed during the incident — which the company said was “linked to a vulnerability in a third-party software which we use” — includes email addresses, phone numbers and vehicle nicknames, if provided by the user, along with license plates. ParkMobile said mailing addresses were also accessed in “a small percentage of cases.”
“We quickly eliminated the third-party vulnerability, and we continue to maintain our security and monitor our systems. Out of an abundance of caution, we also notified the appropriate law enforcement authorities,” the company said in an email to users.
ParkMobile said data related to users’ parking transaction history remained secure, and that encrypted passwords were accessed but not the encryption keys required to read them. The company said users can change their passwords as an added precaution if they wish to do so.
ParkMobile, which promotes itself as “the largest parking app in the U.S.,” is used in communities including Boston, Medford, Somerville, Northampton, Attleboro and Amherst, and offers parking spot reservations in lots and at event venues. –
