More than 5,000 affected by Park by Phone data breach

Ann Doherty: Detailed probes will take some time.

More than 5,000 people have been affected by the data breach at Cork City’s Park by Phone service, it emerged last night.

Cybersecurity experts are assisting with an investigation into the breach and steps have been taken to secure the service, which is provided to the city council under contract by ParkMagic.

While the reported breach occurred last Thursday and was notified to the relevant authorities and to the public on Friday, it has emerged that the first instance of the breach occurred in May.

The details emerged in a report to city councillors and in a statement from the Data Protection Commission (DPC).

The DPC said it was notified by the city council of the personal data breach last Friday.

While no personal bank account or credit or debit card details were accessed, no account balances altered, and no passwords compromised, personal data including car registration numbers, email addresses, and mobile phone numbers may have been compromised.

There has been no impact on the operation of the service.

The DPC said the data breach was a result of an APP credential being compromised.

In a statement, it said: “The council reports that this compromised login allowed a third party to effectively masquerade as an APP on the desktop and automate access attempts and that the first instance of this breach occurred on May 22, 2018.

The DPC said the council has informed gardaí about the breach, describing it as the “unauthorised access and retention of the personal data and the fraudulent use of parking credit”.

“The council is currently taking steps to mitigate the consequences of the breach incident on the affected persons, all of whom are to be notified of the breach by the council,” it said.

In a report to councillors at last night’s city council meeting, council chief executive Ann Doherty said investigations to date suggest that the data of approximately 5,000 customers may have been accessed.

She said that once the data breach was identified, ParkMagic immediately addressed the breach and the council arranged for cybersecurity experts from KPMG to be on site at ParkMagic’s headquarters in Limerick on Saturday.

“Further detailed investigation is ongoing by Park Magic and KPMG on behalf of Cork City Council,” said Ms Doherty.

Once we are in a position to release further details we will do so — initially to the individual customers affected. However, it is expected that the detailed investigations will take some time.

The council’s head of IT, Ruth Buckley, said councils are almost under constant cyber attack.

She said on the basis of expert advice, she has been told not to disclose the exact nature of the attack to limit vulnerability to future attacks.

The Cork City Park by Phone service was introduced in May 2015. It has some 31,000 subscribers.

More on this topic

Data Protection Commissioner says GDPR shouldn't prevent publication of ministers' pensions

Investigations into 15 tech companies have been opened as data breaches increase 70%

Department of Social Protection won’t release report on services card

Data protection laws make finding candidates for local elections more difficult

More in this Section

Over 9,000 arrests in crime crackdown under Operation Thor

Shivs and Shanks: Exhibition of improvised weapons goes on display on Spike Island

Prisons seek to ease fears over backlog of sex offenders for treatment programme

Cystic fibrosis patients call for new hospital facilities


Debate: Should you drink in front of your children?

Interiors profile: Senior Designer at DFS Rob Ellis

Are you drinking out of the right wine glass?

Tempted to renovate your home? TV’s Kunle Barker shares 4 top tips for getting started

More From The Irish Examiner