If you need HELP, SUPPORT or just have a GDPR question please call +44 (0) 208 133 2545 or email us at firstname.lastname@example.org.
Alternatively please visit our contact page
FREE GDPR Helpline
Call +44 (0) 208 133 2545
Personal details of thousands of UK drivers ‘are exposed in huge data breach’ as car parking app used by councils across Britain shows users other motorists’ information
Following an app update, hundreds of customers using the RingGo parking tool found other people’s details when they logged into their own accounts.
Others reported being kicked out of the app even though their details were correct, or being forced to change their password.
The company has now told the MailOnline that the issue was resolved, with as many as 2000 people affected.
Some users said they were still logging in and seeing other people’s details this morning.
Chris Jeffrey, an IT consultant from Kettering, told the MailOnline: ‘I was working from home on Thursday and had just logged in to check my payment for the week.
‘After logging in and it refreshing, I could see somebody else’s details, just an email address as she hadn’t filled in her name. I could see the registration of her car, the make, model and colour and where she had been parking.
‘I tried logging out and in, but then it was showing my car but her payment details.
‘It was weird, I assumed it was just a glitch.’
Mr Jeffrey, 34, explained that users have to re-enter their security code on their card each time they pay to park, so he would not have been able to use her card with his cars.
Mr Jeffrey said having seen the problem first start on Thursday morning, it was resolved when he was sent a text asking him to reset his password as a ‘security precaution’.
Another customer, who wanted to remain anonymous, told the MailOnline he was still seeing other people’s details when he logged in on Saturday morning.
He said: ‘I can’t delete my payment details as a security measure because I can’t see them. I have to decide whether to go through the hassle and inconvenience of stopping my cards and changing my phone number.’
The customer said he had alerted RingGo to the problem on multiple occasions, and had been told it was fixed with the ‘relevant authorities alerted’, but the issues continued after this email.
On Twitter, app users complained of seeing people personal payment details, as well as the cars they had registered with the company.
One customer was called by another who had seen his phone number on the screen when he logged in with his details.
Apple users also left poor reviews on the app’s page in the store to vent their frustrations after the problems.
RingGo said the problem affected a maximum of 2,000 people of the 18,000 who downloaded the new app on Tuesday, or updated it.
Users in Edinburgh, Bedford, Hampshire, Northampton and Stratford were among those complaining of errors when the app update launched.
It also appears the company used a designer who had never built an commercial app before to update their system.
Designer Phil Boulton tweeted ‘My first iOS app went live yesterday! Check out the new @RingGo_parking app’ on April 12.
RingGo has since clarified that Mr Boulton only worked on the user side, and the technical details were the responsibility of ‘an in-house team with many years’ experience’.
The problem first happened after an update on April 12 and 13, and most customers should see issues resolved by this evening.
On the app’s iStore, an update reads: ‘Fixed critical issue causing iOS 8.x users to experience difficulty using the app.
‘Fixed issue where some permit zones would not find a session cost.’
The parking app allows drivers to register several cars and pay to park them in hundreds of locations across the country using their phone.
Each parking meter has a unique number which the motorist must book the car into.
A RingGo spokesman said: ‘RingGo cashless parking released a new version of our iPhone app late on Tuesday 11 April.
‘This all appeared to be working fine on Wednesday but on Thursday, during the peak rush hour, a glitch in the way the new app addressed the database meant that a small number of drivers were able to see high level details of other people’s accounts. As soon as the issue came to our attention we ran a fix and by 0930 no additional motorists’ info could be viewed.
‘We believe the actual number of people who have been directly impacted is around 600. We are in the process of clearing all personal details from the 600 accounts and asking them to resubmit their info. Until this process is complete some users may still see the wrong details. This error is totally unacceptable and we apologise sincerely to those affected.
‘There were 1400 other accounts potentially affected as they were parking at the time the incident began. As a precaution we have disabled their passwords and contacted them with a new PIN so they can reset their passwords.
‘We can assure customers that no useable payment card information was displayed – only the last 4 digits are shown. Some personal data could have been visible, such as name, email, mobile, car registration, parking history and address (although for a large number of our users we do not hold any address information). It would not be possible to use another’s account to pay for a parking session.
‘We take the security of our customers’ data extremely seriously and a full investigation into the root cause is taking place so that this issue will not happen again.
‘We followed standard data incident procedures and have already submitted a report covering this data issue to the ICO. We have also contacted, by email, phone and SMS, those affected.’
The original article (and image) was originally posted here: http://www.dailymail.co.uk/news/article-4413852/Personal-details-UK-drivers-exposed-huge-data-breach.html