More than 145,000 Calgarians had some of their personal data exposed last year after submitting it to pay for parking, says the Calgary Parking Authority (CPA).
CPA released a public apology on Sept. 26 for the mishap that happened back in July 2021, saying it potentially impacted 145,895 customers. The statement did not specify how long the information was accessible, but CPA said that it secured the vulnerability within 20 minutes of discovering it.
“The server was exposed without any password protection,” security researcher Anurag Sen told Postmedia back in July 2021. “Anyone with the server URL can access it.”
CPA said that after finding the breach, they conducted an investigation with the City of Calgary and a third-party cyber security expert to determine the extent of the incident and identify what personal information was exposed.
It said that the data that could have been accessed during the breach included “elements of names; emails; usernames; combined information elements of licence plates, validation tag numbers, vehicle information, residential address, and violation ticket information; and ParkingID numbers.”
“Protecting access to our systems, and the safety and security of your personal information is a top priority for us,” said the CPA’s interim general manager, Chris Blaschuk, in the statement.
“This was an unfortunate, isolated incident; however, we have worked closely with our partners to strengthen our cyber security protections and mitigate incidents of a similar nature from occurring in the future,” he added.
The apology also mentioned that CPA has obtained CyberSecure Canada certification, and additional security measures are now implemented.
“We believe there is a low risk that the elements of personal information may be further exposed. We continue to monitor the situation closely,” Blaschuk said.
CPA manages almost 7,000 parking spots on the street and over 10,000 in lots and parkades. Approximately 14 percent of all paid parking in Calgary goes through CPA.