Advertisement

Nearly 150K customer records accessed during 2021 data breach: Calgary Parking Authority

Click to play video: 'Nearly 150,000 customer records accessed during 2021 data breach: Calgary Parking Authority'
Nearly 150,000 customer records accessed during 2021 data breach: Calgary Parking Authority
WATCH: The Calgary Parking Authority is apologizing after revealing that nearly 150,000 customers had personal information accessed during a data breach. Jayme Doll reports. – Sep 26, 2022

Nearly 150,000 Calgary Parking Authority customers had some of the personal information breached in 2021, the CPA has revealed.

Monday morning, the city-owned subsidiary apologized for the data breach.

“Protecting access to our systems, and the safety and security of your personal information is a top priority for us,” interim general manager Chris Blaschuk said in a statement. “This was an unfortunate, isolated incident; however, we have worked closely with our partners to strengthen our cybersecurity protections and mitigate incidents of a similar nature from occurring in the future.”

Read more: 12 customers impacted after Calgary Parking Authority server was publicly accessible for 2.5 months

In the window the data was accessed, an investigation that included a third-party cybersecurity expert found 145,895 customer files could have been accessed, with data such as:

Story continues below advertisement
  • names
  • emails
  • usernames
  • combined information elements of licence plates, validation tag numbers, vehicle information, residential address, and violation ticket information
  • and CPA ParkingID numbers.

It’s the same incident originally reported to the public in July 2021, where it was originally thought that only 12 customers had their names, email addresses and encrypted passwords accessed when a misconfigured server was publicly accessible for about two and a half months.

The CPA said when its team became aware of the breach, it closed it the breach, restricting further access to the data.

Click to play video: 'Some Calgary homeowners demand city reverse parking tickets'
Some Calgary homeowners demand city reverse parking tickets

The parking authority said since implementing cybersecurity measures, there has been no evidence of further breaches.

“We believe there is a low risk that the elements of personal information may be further exposed. We continue to monitor the situation closely,” Blaschuk said.

Story continues below advertisement

“We sincerely appreciate your understanding and regret any distress this incident may have caused.”

Read more: Calgary charity hit by data breach says it responded appropriately despite client concerns

The parking authority has also obtained a CyberSecure Canada Certification – which includes controls for small and medium organizations to protect their data, networks and customers – and advises all Calgarians to protect themselves from cyber threats by:

  • changing passwords regularly, not using easy-to-guess passwords and not using the same password for multiple accounts
  • monitoring accounts and reporting suspicious activity to police and the Canadian Anti-Fraud Centre
  • being vigilant against phishing – the gathering of information by third parties by deception and fake websites

The CPA also noted a report of the breach has been filed with the Office of the Information and Privacy Commissioner of Alberta.

Advertisement

Sponsored content