An app that can be used to pay for parking meters in Minneapolis experienced a data breach in March, MPLS Parking app said in an email to users Wednesday.
"In March, ParkMobile, the developer of the MPLS Parking app, became aware of a cybersecurity incident linked to a vulnerability in a third-party software which we use," MPLS Parking said.
MPLS Parking "immediately launched" an investigation with a "leading cybersecurity firm" to address the incident and eliminated the third-party vulnerability.
The email was used to update users on the investigation's findings, with MPLS Parking saying no credit card information and no data related to a user's parking transaction history was accessed.
MPLS Parking says only "basic user information" was access in the breach, including license plate numbers, email addresses, phone numbers and vehicle nicknames (if provided by the user). A "small percentage of users" also had their mailing addresses affected.
Encrypted passwords were accessed but not the keys required to read said passwords, with MPLS Parking noting it does not collect Social Security numbers, driver's license numbers, or dates of birth.
Users can change their passwords in the settings section of the app or online here, with the email recommending that people use a unique password for every different online account.
"We continue to maintain our security and monitor our systems," the email said, noting they've notified the proper law enforcement authorities. "As the largest parking app in the U.S., the trust of our users is our top priority. Please rest assured we take seriously our responsibility to safeguard the security of our users’ information."
In a statement to Bring Me The News, the City of Minneapolis said:
"ParkMobile is contracted with the City to provide an MPLS Parking branded version of their mobile payment app to customers for making parking meter payments. There was no breach of any City networks or the data the City receives for payments. The profile information that was exposed in the breach was contained within ParkMobile systems that are not integrated with any City systems. The City is coordinating with ParkMobile to ensure proper legal notifications are made to affected users of the app."
There have been about 430,000 total downloads of the MPLS Parking app but the city typically sees about 100,000 unique users in an average month, city spokesperson Sarah McKenzie told BMTN.
The breach was not specific to the MPLS Parking app, but impacted all ParkMobile app accounts including the one Minneapolis uses.