MILWAUKEE — The developer of the City of Milwaukee's parking app says its software was hacked, and users' license plate numbers, email addresses, phone numbers and in some instances mailing addresses were accessed by the hackers.
The MKE Park app sent out a warning to people with the app installed Thursday afternoon. In the warning, the developer of the app, ParkMobile, said that they became aware of a "cybersecurity incident linked to a vulnerability in a third-party software" they use last March. Atlanta-based ParkMobile describes itself as the largest parking app in the U.S.
ParkMobile says they launched an investigation with a cybersecurity firm to find out what happened and notified law enforcement. The developer says they have since eliminated the third-party vulnerability.
The investigation recently concluded, thus the update to app users Thursday.
Here are some of the investigation's findings, according to ParkMobile:
- No credit card information was accessed
- No data related to a user’s parking transaction history was accessed
- Only basic user information was accessed. This includes license plate numbers, email addresses, phone numbers, and vehicle nicknames, if provided by the user
- "In a small percentage of cases," mailing addresses were also affected, according to the developer
- Encrypted passwords were accessed, but not the encryption keys required to read them. The developer says they protect user passwords by encrypting them with advanced hashing and salting technologies
- The developer says they do not collect Social Security numbers, driver’s license numbers, or dates of birth
ParkMobile adds that as an added precaution, users can change their password in the “Settings” section of the MKE Park app.
