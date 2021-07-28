U.S. markets close in 3 hours 16 minutes

  • S&P 500

    4,397.09
    -4.37 (-0.10%)
     

  • Dow 30

    34,928.58
    -129.94 (-0.37%)
     

  • Nasdaq

    14,741.24
    +80.66 (+0.55%)
     

  • Russell 2000

    2,212.55
    +20.72 (+0.95%)
     

  • Crude Oil

    72.26
    +0.61 (+0.85%)
     

  • Gold

    1,799.50
    -0.30 (-0.02%)
     

  • Silver

    24.92
    +0.27 (+1.08%)
     

  • EUR/USD

    1.1816
    -0.0010 (-0.08%)
     

  • 10-Yr Bond

    1.2580
    +0.0240 (+1.94%)
     

  • GBP/USD

    1.3883
    +0.0005 (+0.03%)
     

  • USD/JPY

    110.0380
    +0.2710 (+0.25%)
     

  • BTC-USD

    39,832.23
    +1,854.09 (+4.88%)
     

  • CMC Crypto 200

    936.08
    +6.15 (+0.66%)
     

  • FTSE 100

    7,016.63
    +20.55 (+0.29%)
     

  • Nikkei 225

    27,581.66
    -388.56 (-1.39%)
     

Calgary's parking authority exposed driver's personal data and tickets

Zack Whittaker
·3 min read

If you parked your car in one of the thousands of parking spots across Calgary, there's a good chance you paid the Calgary Parking Authority for the privilege. But soon you might be hearing from the authority after a recent security lapse exposed the personal information of vehicle owners.

The parking authority oversees about 14% of the paid parking spots in the Calgary region, and lets drivers pay to park their cars by a parking kiosk, online, or through the phone app by entering their vehicle's license plate and their payment details.

But a logging server used to monitor the authority's parking system for bugs and errors was left on the internet without a password. The server contained computer-readable technical logs, but also real-world events like payments and parking tickets that contained a driver's personal information.

A review of the logs by TechCrunch found contact information, like driver's full names, dates of birth, phone numbers, email addresses and postal addresses, as well as details of parking tickets and parking offenses — which included license plates and vehicle descriptions — and in some cases the location data of where the alleged parking offense took place. The logs also contained some partial card payment numbers and expiry dates.

None of the data was encrypted.

Because the server's data was entangled with logs and other computer-readable data, it's not known exactly how many people had their information exposed by the security lapse. (In 2019, the Calgary Parking Authority issued more than 450,000 parking tickets, up by 69% in five years.)

Security researcher Anurag Sen found the exposed server and asked TechCrunch for help in reporting it to its owner. The server was secured on Tuesday, a day after TechCrunch contacted the authority.

A spokesperson for the authority confirmed that the server was exposed since May 13, though data seen by TechCrunch shows records dating back to at least the start of the year. The authority also told TechCrunch that the exposure was due to human error and that it was investigating its logs to determine if anyone else had access to the server.

"We at the CPA take this very seriously," said Moe Houssaini, the acting general manager for the Calgary Parking Authority, told TechCrunch in a statement. "Any public access has been disabled and we are actively investigating to determine what exact data was impacted and what unauthorized access may have occurred. We apologize to our customers and will be reaching out to all individuals who may have been impacted. Protecting the security of our systems and privacy of our customers is a top priority of the CPA. It was an isolated error, and the database has now been secured. We are reviewing our procedures to ensure that this does not happen again," said Houssaini.

The Calgary Parking Authority recently made headlines after it canceled more than a thousand parking tickets for drivers who were attending a COVID-19 vaccination center in the city.

Earlier this year, New York-based cashless parking startup ParkMobile reported a data breach that saw personal account information and license plates on some 21 million customers taken by hackers. The company blamed the breach on a vulnerability in an unspecified piece of third-party software.

Read more:

You can send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send files or documents using our SecureDrop.

Recommended Stories

  • China Targets Mobile Pop-Ups in Latest Tech Crackdown

    (Bloomberg) -- China ordered Tencent Holdings Ltd. and 13 other developers to rectify problems related to pop-ups within their apps, adding to a wide-ranging crackdown on the country’s tech sector.The companies must address the “harassing” pop-up windows, which could contain misleading information or divert users away from the apps, the Ministry of Industry and Information Technology said in a statement on Wednesday. The 14 services, including an e-books app by Tencent’s QQ and a video platform

  • Have we reached peak Apple? Some say the company is just getting started

    A standout quarter for Apple Inc. has analysts wondering whether we've seen peak Apple—or whether the smartphone giant is still "early" in its journey of smartphone dominance.

  • Google unveils its proposed 'safety section' for apps on Google Play

    In the wake of Apple's advances into consumer privacy with initiatives like App Tracking Transparency and App Store privacy labels, Google recently announced its own plans to introduce a new "safety section" on Google Play that offers more information about the data apps collect and share, and other security and privacy details. In May, Google explained the safety section would be designed to easily communicate to users how apps are handling their data so they could make informed choices. It said app developers would need to disclose to users whether their app uses security practices like data encryption, whether it follows Google Play's Families policy for apps aimed at kids, whether users have a choice in data sharing, whether the app's safety section had been verified by a third party, and if the app allowed users to request data deletion at the time of uninstalling, among other things.

  • Feline okay? The app that tells you if your cat's happy

    Cat owners who love to take pictures of their furry friends now have a new excuse to pull out their smartphones and take a snapshot: it may actually help the cat. A Calgary, Alberta, animal health technology company, Sylvester.ai, has developed an app called Tably that uses the phone's camera to tell whether a feline is feeling pain. A 2019 study published in peer-reviewed journal Scientific Reports found that the so-called 'feline grimace scale,' or FGS, is a valid and reliable tool for acute pain assessment in cats.

  • Kitten uses up 2 of its 9 lives during daring highway rescue

    A kitten who somehow found its way into the middle lane of a highway and then into the undercarriage of a car is now safe and sound.

  • Beijing Gives Tech Investors a Brutal New Tutorial

    Anyone who bought into Chinese internet stocks hoping for a bounce following the dramatic fall from grace of ride-hailing giant Didi has been taught another painful lesson this week.

  • Tencent Suspends WeChat User Registrations Amid Tech Fears

    (Bloomberg) -- Tencent Holdings Ltd. said it was suspending new user registrations for its WeChat services, adding to uncertainty for the technology sector that’s in the midst of a two-day selloff.WeChat, which already has more than 1 billion users, is undergoing a “security technical upgrade” in accordance with relevant laws and regulations, Tencent said in an online statement. It expects to resume new individual user registrations around early August.Investors have fled Tencent and its interne

  • Binance founder willing to go, as pressure mounts

    FRANKFURT (Reuters) -Binance founder Changpeng Zhao said he was willing to step down whenever he finds a successor who can do a "better job", as one of the world's biggest cryptocurrency exchanges, under pressure from regulators around the world, sought to reinvent itself. Zhao made the remarks after Binance came under concerted scrutiny from regulators worried that its cryptocurrency exchanges could be used for money laundering or that investors fall victim to scams and runaway bets. Financial authorities in Britain, Germany, Hong Kong, Italy, Japan, Lithuania and Thailand have all recently raised concerns about Binance.

  • Universal access to high-speed internet will make home-based work more productive, study

    More people will work from home in the future - and if high-quality internet access is available to all Americans, that could lead to a sustained boost in worker productivity which could increase economic output by $160 billion a year. That’s the main conclusion of a new study released Wednesday by the Aspen Economic Strategy Group.

  • Secret Network Adds Private Governance to Its DeFi Project

    The practical implications of private DeFi governance may lead to more questions than answers.

  • Cogeco connects 3,595 homes and businesses to high-speed Internet

    Cogeco Connexion, a subsidiary of Cogeco Communication Inc. (TSX: CCA) is proud to announce that residents and businesses in Hastings County will be able to access high-speed Internet through an $8.8 million joint investment with the Government of Ontario. This includes the City of Belleville, the Township of Stirling-Rawdon, the Municipality of Centre Hastings, and the Municipality of Tweed.

  • Choosing Who We Trust

    Oracles, algorithms and blockchains provide an alternative to a system where you have to form all-or-nothing business relationships.

  • Google passes on 2% “Regulatory Operating Cost” for ads served in India and Italy

    Google will start applying the surcharge beginning on October 1. Please visit Search Engine Land for the full article.

  • Atera raises $77M at a $500M valuation to help SMBs manage their remote networks like enterprises do

    When it comes to software to help IT manage workers' devices wherever they happen to be, enterprises have long been spoiled for choice -- a situation that has come in especially handy in the last 18 months, when many offices globally have gone remote and people have logged into their systems from home. Today, a startup called Atera that has been building remote, and low-cost, predictive IT management solutions specifically for organizations with less than 1,000 employees, is announcing a funding round of $77 million -- a sign of the demand in the market, and Atera's own success in addressing it. The investment values Atera at $500 million, the company confirmed.

  • Indonesia's BRI Life probes reported data leak of two million users

    BRI Life, the insurance arm of Indonesia's Bank Rakyat Indonesia (BRI), said on Tuesday it was investigating claims that the personal details of over two million of its customers had been advertised for sale by unidentified hackers. Hudson Rock, a cybercrime monitoring firm, told Reuters that it had found evidence which showed that multiple computers belonging to BRI and BRI Life employees had been compromised. "We are checking with the team and will provide an update as soon as the investigation is done," BRI Life CEO Iwan Pasila said in a text message.

  • Disney+ is launching a mobile-only plan in India that costs $6.70 per year

    Disney+ is launching three new subscription plans in India, including a mobile-only tier that costs $6.70 per year.

  • UPDATE 2-White House wants broadband funding in infrastructure bill -sources

    A bipartisan group of senators and the White House are debating extending a program started early in the COVID-19 pandemic to help lower-income Americans get broadband access by tucking it into the $1.2 trillion infrastructure package, according to two sources familiar with the discussions. Lawmakers passed a $3.2 billion emergency program last year to help struggling Americans secure broadband internet access during the pandemic. The program provides a discount of up to $50 per month toward broadband services to eligible households and up to $75 per month for households on tribal land, plus a one-time discount of up to $100 for a computer or tablet.

  • NSA: Rebooting often can thwart phone hackers

    At a time of widespread digital insecurity, it turns out that the oldest and simplest computer fix there is, turning a device off then back on again, can thwart hackers from stealing information from smartphones, according to the NSA. (July 28)

  • Element, a messaging app built on the decentralized Matrix protocol, raises $30M

    Element has picked up $30 million in a Series B round of funding. Matthew Hodgson, Element's CEO and the technical co-founder of the open source, nonprofit Matrix protocol, also said that some will be used to continue investing in the company's peer-to-peer architecture to eliminate any need for servers. Cloud revenues grew 300% in the last 12 months, and although the company didn't disclose how much that is in actual money, it's a sign that Element is growing (another reason for taking funding now, even though as co-founder Amandine Le Pape noted, it didn't need it).

  • Amazon faces satellite broadband setback as regulator weighs new rules

    Amazon has been dealt a setback to its plans to use a constellation of internet satellites to beam broadband to Britain after Ofcom said it would raise the bar for licence applications. The regulator said it would require operators such as Amazon, OneWeb and Elon Musk’s Starlink to demonstrate that their services will not interfere with existing satellite broadband networks when they apply for new licences. The proposals, which come amid concerns that the satellite internet providers will interf