More than 5,000 affected by Park by Phone data breach

More than 5,000 people have been affected by the data breach at Cork City’s Park by Phone service, it emerged last night.

More than 5,000 affected by Park by Phone data breach

More than 5,000 people have been affected by the data breach at Cork City’s Park by Phone service, it emerged last night.

Cybersecurity experts are assisting with an investigation into the breach and steps have been taken to secure the service, which is provided to the city council under contract by ParkMagic.

While the reported breach occurred last Thursday and was notified to the relevant authorities and to the public on Friday, it has emerged that the first instance of the breach occurred in May.

The details emerged in a report to city councillors and in a statement from the Data Protection Commission (DPC).

The DPC said it was notified by the city council of the personal data breach last Friday.

While no personal bank account or credit or debit card details were accessed, no account balances altered, and no passwords compromised, personal data including car registration numbers, email addresses, and mobile phone numbers may have been compromised.

There has been no impact on the operation of the service.

The DPC said the data breach was a result of an APP credential being compromised.

In a statement, it said: “The council reports that this compromised login allowed a third party to effectively masquerade as an APP on the desktop and automate access attempts and that the first instance of this breach occurred on May 22, 2018.

The DPC said the council has informed gardaí about the breach, describing it as the “unauthorised access and retention of the personal data and the fraudulent use of parking credit”.

“The council is currently taking steps to mitigate the consequences of the breach incident on the affected persons, all of whom are to be notified of the breach by the council,” it said.

In a report to councillors at last night’s city council meeting, council chief executive Ann Doherty said investigations to date suggest that the data of approximately 5,000 customers may have been accessed.

She said that once the data breach was identified, ParkMagic immediately addressed the breach and the council arranged for cybersecurity experts from KPMG to be on site at ParkMagic’s headquarters in Limerick on Saturday.

“Further detailed investigation is ongoing by Park Magic and KPMG on behalf of Cork City Council,” said Ms Doherty.

Once we are in a position to release further details we will do so — initially to the individual customers affected. However, it is expected that the detailed investigations will take some time.

The council’s head of IT, Ruth Buckley, said councils are almost under constant cyber attack.

She said on the basis of expert advice, she has been told not to disclose the exact nature of the attack to limit vulnerability to future attacks.

The Cork City Park by Phone service was introduced in May 2015. It has some 31,000 subscribers.

More in this section

Puzzles logo

Puzzles hub

Visit our brain gym where you will find simple and cryptic crosswords, sudoku puzzles and much more. Updated at midnight every day. PS ... We would love to hear your feedback on the section right HERE.

Salad Food Dish

Let Me Tell You is a new bespoke podcast series from 

Hosts Daniel McConnell and Paul Hosford take a look back at some of the most dramatic moments in recent Irish political history from the unique perspective of one of the key players involved.

Bespoke political podcast series from