Europe’s Largest Parking App Provider Informs Customers of Data Breach

EasyPark says hackers stole European customer information, including partial IBAN or payment card numbers.

EasyPark Group, Europe’s largest parking application operator, has disclosed a data breach impacting customer information.

The company determined on December 10 that it was targeted in a cyberattack and an investigation revealed that “non-sensitive customer data” had been compromised.

Data stolen by hackers includes name, phone number, physical address, email address and partial IBAN or credit/debit card numbers.

“When you pay for parking with a credit card/debit card or IBAN, some digits of the card you chose are displayed. These partial details were accessed. However, someone cannot make payments using this incomplete information,” the company explained, adding, “No combination of this stolen data can be used to perform payments.”

The incident did not result in unauthorized parking transactions and parking data such as location, vehicle registration and parking sessions was not compromised.

EasyPark said it took quick action to stop the attack and its services were not disrupted. Authorities have been notified of the incident.

Customers have been told that while they do not need to take any action in response to the incident, they should be on the lookout for phishing attempts.

EasyPark’s parking applications work in over 4,000 cities across more than 20 countries and are used by millions of people.

The Guardian reported that a majority of impacted customers are users of the EasyPark app in Europe. The total number of affected individuals is unknown, but EasyPark did say that 950 RingGo users in the United Kingdom are impacted. The US brand ParkMobile is not affected. 

The firm said it had not received a ransom demand. EasyPark does not appear to have been listed on any ransomware group’s leak website as of December 29.

RelatedLoanCare Notifying 1.3 Million of Data Breach Following Cyberattack on Parent Company 

RelatedCBS Parent National Amusements Discloses Year-Old Data Breach

RelatedInmate, Staff Information Stolen in Rhode Island Prison Data Breach

Reporting By Eduard Kovacs Managing Editor at SecurityWeek, 29th December 2023