Nearly 150K customer records accessed during 2021 data breach: Calgary Parking Authority

Nearly 150,000 Calgary Parking Authority customers had some of the personal information breached in 2021, the CPA has revealed.

Monday morning, the city-owned subsidiary apologized for the data breach.

“Protecting access to our systems, and the safety and security of your personal information is a top priority for us,” interim general manager Chris Blaschuk said in a statement. “This was an unfortunate, isolated incident; however, we have worked closely with our partners to strengthen our cybersecurity protections and mitigate incidents of a similar nature from occurring in the future.”

Read more: 12 customers impacted after Calgary Parking Authority server was publicly accessible for 2.5 months

In the 20-minute window the data was accessed, an investigation that included a third-party cybersecurity expert found 145,895 customer files could have been accessed, with data such as:

Story continues below advertisement

  • names
  • emails
  • usernames
  • combined information elements of licence plates, validation tag numbers, vehicle information, residential address, and violation ticket information
  • and CPA ParkingID numbers.

It’s the same incident originally reported to the public in July 2021, where it was originally thought that only 12 customers had their names, email addresses and encrypted passwords accessed when a misconfigured server was publicly accessible for about two and a half months.

Click to play video: 'Some Calgary homeowners demand city reverse parking tickets' Some Calgary homeowners demand city reverse parking tickets

Some Calgary homeowners demand city reverse parking tickets – Sep 6, 2022

The CPA said since implementing cybersecurity measures, there has been no evidence of further breaches.

“We believe there is a low risk that the elements of personal information may be further exposed. We continue to monitor the situation closely,” Blaschuk said.

“We sincerely appreciate your understanding and regret any distress this incident may have caused.”

Story continues below advertisement

Read more: Calgary charity hit by data breach says it responded appropriately despite client concerns

The parking authority has also obtained a CyberSecure Canada Certification – which includes controls for small and medium organizations to protect their data, networks and customers – and advises all Calgarians to protect themselves from cyber threats by:

  • changing passwords regularly, not using easy-to-guess passwords and not using the same password for multiple accounts
  • monitoring accounts and reporting suspicious activity to police and the Canadian Anti-Fraud Centre
  • being vigilant against phishing – the gathering of information by third parties by deception and fake websites

The CPA also noted a report of the breach has been filed with the Office of the Information and Privacy Commissioner of Alberta.

Advertisement

© 2022 Global News, a division of Corus Entertainment Inc.

View original article here Source