Nearly 150K customer records accessed during 2021 data breach: Calgary Parking Authority

Nearly 150,000 Calgary Parking Authority customers had some of the personal information breached in 2021, the CPA has revealed.

Monday morning, the city-owned subsidiary apologized for the data breach.

“Protecting access to our systems, and the safety and security of your personal information is a top priority for us,” interim general manager Chris Blaschuk said in a statement. “This was an unfortunate, isolated incident; however, we have worked closely with our partners to strengthen our cybersecurity protections and mitigate incidents of a similar nature from occurring in the future.”

In the window the data was accessed, an investigation that included a third-party cybersecurity expert found 145,895 customer files could have been accessed, with data such as:

• names
• emails
• usernames
• combined information elements of licence plates, validation tag numbers, vehicle information, residential address, and violation ticket information
• and CPA ParkingID numbers.

It’s the same incident originally reported to the public in July 2021, where it was originally thought that only 12 customers had their names, email addresses and encrypted passwords accessed when a misconfigured server was publicly accessible for about two and a half months.

Get breaking National news

For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.

Sign up for breaking National newsletter Sign Up

By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

The CPA said when its team became aware of the breach, it closed it the breach, restricting further access to the data.

2:26 Some Calgary homeowners demand city reverse parking tickets

The parking authority said since implementing cybersecurity measures, there has been no evidence of further breaches.

“We believe there is a low risk that the elements of personal information may be further exposed. We continue to monitor the situation closely,” Blaschuk said.

“We sincerely appreciate your understanding and regret any distress this incident may have caused.”

The parking authority has also obtained a CyberSecure Canada Certification – which includes controls for small and medium organizations to protect their data, networks and customers – and advises all Calgarians to protect themselves from cyber threats by:

• changing passwords regularly, not using easy-to-guess passwords and not using the same password for multiple accounts
• monitoring accounts and reporting suspicious activity to police and the Canadian Anti-Fraud Centre
• being vigilant against phishing – the gathering of information by third parties by deception and fake websites

The CPA also noted a report of the breach has been filed with the Office of the Information and Privacy Commissioner of Alberta.

2:26 Calgary charity hit by data breach says it responded appropriately despite client concerns

• Calgary charity hit by data breach says it responded appropriately despite client concerns
• IKEA Canada confirms customer privacy breach
• Massive data breach at Marriott hotel chain’s reservation system serves as warning

Previous Video

Next Video