Parking app developer EasyPark has printed a discover on its web site warning of a data breach it found on December 10, 2023, which impacts an unknown variety of its hundreds of thousands of customers.
EasyPark is a Swedish firm that creates cell and internet apps that function parking area locators, reserving managers, and EV charging level finders.
The corporate operates digital parking providers in 20 international locations and over 4,000 cities, masking most of Europe, america, Australia, New Zealand, and the UK.
The EasyPark app (Europe-focused) has over 10 million downloads on Google Play, whereas its different apps, RingGo (UK-focused) and ParkMobile (US-focused), have 5 million installs every.
As reported by BleepingComputer, ParkMobile disclosed an enormous data breach in 2021 that uncovered the stolen knowledge for 21 million prospects. This database was subsequently launched without cost on a hacking discussion board.
Though a agency spokesperson has declined to offer particulars about this new breach and what number of prospects had been impacted, they advised BleepingComputer {that a} portion of European customers had been affected, indicating that the incident issues primarily EasyPark app customers.
The corporate’s announcement mentions that some prospects have had the next info compromised, relying on what they’ve offered to the platform:
- Title
- Telephone quantity
- Bodily tackle
- E-mail tackle
- Some digits of their bank card/debit card or IBAN
The above may assist cybercriminals launch efficient phishing assaults in opposition to the uncovered EasyPark customers, which the corporate warns explicitly about within the data breach discover.
Nonetheless, the corporate clarifies that the disclosed knowledge doesn’t pose a danger for executing unauthorized transactions, and no such actions have resulted from the cybersecurity incident.
Customers who’re impacted by this incident will obtain personalised notices from EasyPark by way of in-app messages, push notifications, e-mail, and SMS.
“If you wish to know in case you are affected, please open the app,” suggests the FAQ on the data breach discover.
At the moment, the app’s providers proceed to be accessible as regular, whereas EasyPark’s security workforce is implementing extra security and privateness measures to make sure that the opposed results of the incident have been contained.
The information safety authorities in Sweden, the UK, and Switzerland have been notified concerning the incident.
As a precaution, and because the nature of the cybersecurity incident stays undisclosed, it might be prudent for all customers to reset their account passwords and do the identical on all on-line platforms the place they may be utilizing the identical credentials.
On the time of writing, no ransomware teams have taken accountability for an assault on EasyPark.
Nonetheless, risk actors have already began searching for the stolen knowledge in hacking discussion board posts seen by BleepingComputer.