file photo by Boyd Loving
the staff of the Ridgewood blog
Ridgewood NJ, ParkMobile, the company that operates Ridgewood’s mobile parking app, announced in March it was investigating a cybersecurity incident linked to a vulnerability in a third-party software.
The company published a notification on Mar. 26 about “a cybersecurity incident linked to a vulnerability in a third-party software that we use.”
“In response, we immediately launched an investigation with the assistance of a leading cybersecurity firm to address the incident,” the notice reads. “Out of an abundance of caution, we have also notified the appropriate law enforcement authorities. The investigation is ongoing, and we are limited in the details we can provide at this time.”
The statement continues: “Our investigation indicates that no sensitive data or Payment Card Information, which we encrypt, was affected. Meanwhile, we have taken additional precautionary steps since learning of the incident, including eliminating the third-party vulnerability, maintaining our security, and continuing to monitor our systems.”
Asked for clarification on what the attackers did access, ParkMobile confirmed it included basic account information – license plate numbers, and if provided, email addresses and/or phone numbers, and vehicle nickname.
The company’s investigation into the breach found that it included basic user information, such as license plate numbers, email addresses, phone numbers and vehicle nicknames, if provided. In some cases, mailing addresses were affected. The breach did not include credit card information or data related to a user’s parking transaction history. Encrypted passwords were accessed, but not the encryption keys required to read them.
ParkMobile completed its investigation April 15 after notifying law enforcement and eliminating the third-party vulnerability. The company encourages users to change their password in the “settings” section of the ParkMobile app or by clicking this link.