ParkMobile security notification – user data breach

ParkMobile, the contracted vendor for the UW–Madison timed parking (pay-by-cell “meters”) and Flex parking programs, released a security notification update on April 13, 2021 about a cybersecurity incident affecting some of their user data. Read the ParkMobile security notification (Source: support.parkmobile.io)

From the ParkMobile notification update:

Our investigation concluded that encrypted passwords, but not the encryption keys needed to read them, were accessed. While we protect user passwords by encrypting them with advanced hashing and salting technologies, as an added precaution, users may consider changing their passwords in the “Settings” section of [your account].

Our investigation has confirmed that basic user information – license plate numbers and, if provided by the user, email addresses and/or phone numbers, and vehicle nicknames – was accessed. In a small percentage of cases, mailing addresses were affected. No credit cards or parking transaction history were accessed, and we do not collect Social Security numbers, driver’s license numbers, or dates of birth.

Questions about this security breach should be directed to ParkMobile. (Source: support.parkmobile.io)

ParkMobile recommends users consider changing their ParkMobile passwords. The UW–Madison Office of Cybersecurity (Source: it.wisc.edu) additionally recommends users who may have used the same username and password across multiple sites/systems make sure to change their login information in all locations.

The Office of Cybersecurity also strongly recommends against reusing passwords on multiple sites. Using a password manager is a helpful tool for securely saving multiple usernames and unique passwords. Anyone with an active UW–Madison email address is eligible to sign up for a free LastPass password manager account (Source: it.wisc.edu/services). Read more information in End Your Password Struggles with LastPass Enterprise (Source: it.wisc.edu/news).

Additional cybersecurity resources from DoIT: