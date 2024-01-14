#Data #breach #EasyPark #consequences #risks #dangers #Checkout

Yesterday

•

reading time 4 minutes

•

Viewed 2032 times

•

save

Various personal data have been leaked due to a hack at parking app EasyPark. The company informed the victims of the leak last December. This does not concern sensitive information that can be used to make payments, says EasyPark Group. But what can happen with this stolen personal data? Kassa explains.

EasyPark has informed affected customers of the data breach via e-mail. In it, the company announced that hackers have gained access to one or more of the following data. This includes names, telephone numbers, home addresses, e-mail addresses and single digits of credit card numbers or the IBAN.

Personal data is given in confidence, but is not well protected

In the Netherlands, about three million people use EasyPark. They thus entrust their personal data to the company. Journalist and presenter Roos Abelman is one of these customers: she is a victim of the data breach. Abelman says she goes to “a lot of trouble” to protect her private information

“I have protected my address with the Chamber of Commerce. I have had my address removed from all websites where my address was listed. And online I ensure that my house, my children and the license plate of my car are never visible there. I am very aware of that,” says Abelman.

She is not worried about any payment information leaking, as it only concerns part of her account number. “What matters to me is that there are people – I don’t know who – who have my name and address.”

Data is not yet sold, but will it remain that way…?

Ethical hacker Sijmen Ruwhof searched the dark web for Kassa for the data captured in the attack on EasyPark. According to Ruwhof, the information cannot be found there. But that doesn’t mean it will remain that way.

“Two and a half years ago, ParkMobile, the predecessor of the current EasyPark, was hacked. The hacker then put the captured data for sale on the internet,” says Ruwhof.

“Something like 150,000 euros was asked for it. However, it was not paid for, and the hacker then decided ‘here you have it, internet, you can download it freely’. It turned out that the data breach contained 23 million different personal data. Now EasyPark is again a victim. And now the company does not say how much personal data is involved. It could be that it turns out to be another extensive leak.”

Phishingmails

According to Ruwhof, EasyPark customers should be wary of phishing emails that are written in a personalized manner, for example with a personal salutation or other information that can be traced back to you. “In the data breach, your name, your telephone number, your address and a few digits from your bank account were stolen. You can use this to send very realistic phishing emails,” says Ruwhof.

Such an email can, for example, be sent on behalf of your bank. Then, for example, it concerns something like a direct debit, and if such a fake email contains real, correct information such as your name, address and the last few digits of your bank account number, it can look very legitimate, according to Ruwhof. He continues: “With emails you always have to appeal to your gut feeling, such as ‘is this correct, and is this indeed something I expect?'”

Enforcement must be better: “More data leaks than fines”

Kassa also spoke with MEP Paul Tang (PvdA), who is committed to data protection. He calls for more fines for companies that do not protect data well enough against theft.

“Companies have that obligation under the GDPR. The only way to make companies feel responsible is to fine them sufficiently,” Tang said. According to him, this is a task for the Dutch Data Protection Authority, which is the supervisory authority. “The number of fines is increasing, but you also see that enforcement of that law is still insufficient. We have an interest in a society where data has become so central that there is a very good supervisor who has sufficient resources to enforce. I see more data leaks than fines.”

Somewhat in line with this, Tang also argues that companies should be required to automatically perform software updates for the products they supply. “I have to update my phone myself. Why is that not the manufacturer’s responsibility?”

EasyPark response

In a statement, EasyPark writes that the company considers the security of customer data to be important and therefore uses independent experts for digital security. The company says it has taken action to stop the attack and prevent other attacks in the future.

The data that was leaked is not sensitive data according to European regulations, says EasyPark Group.

Below you can read EasyPark’s full response, including answers to the questions that Kassa asked the company (.pdf)

More about:

easypark, parkmobile, parking app, parking apps, parking, paid parking, license plate parking, data breach, data leaks, cyber attack, hacker, hackers