EasyPark, a Swedish company renowned for its parking apps, issued a notice on its website alerting users to a data breach discovered on December 10, 2023. The breach, affecting an unspecified number of its millions of users, has raised concerns about the security of personal information.
EasyPark, operating digital parking services across 20 countries and over 4,000 cities, has a substantial user base, including over 10 million downloads for its Europe-focused app on Google Play. The company’s apps, such as RingGo (UK-focused) and ParkMobile (US-focused), boast 5 million installs.
This incident follows a prior data breach in 2021, involving ParkMobile, a company affiliated with EasyPark, where data for 21 million customers was exposed and later disseminated on a hacking forum.
While EasyPark has not disclosed specific details about the breach or the number of affected users, a company spokesperson informed us that some European users, primarily those of the EasyPark app, were impacted.
According to the company’s announcement, compromised information may include names, phone numbers, physical addresses, email addresses, and partial credit card/debit cards or IBANs. EasyPark acknowledges the potential for cybercriminals to exploit this information for phishing attacks, a concern emphasized in the data breach notice.
However, EasyPark assures users that the exposed data does not pose a risk for unauthorized transactions, and no such activities have been reported following the cybersecurity incident. Affected users will receive personalized notices through in-app messages, push notifications, email, and SMS.
While the app’s services remain accessible, EasyPark’s security team is actively implementing additional security and privacy measures to contain the impact of the incident. Authorities in Sweden, the United Kingdom, and Switzerland have been notified of the data breach.
As a precautionary measure, considering the undisclosed nature of the cybersecurity incident, users are advised to reset their account passwords and extend this action to all online platforms where similar credentials may be in use.
As of the current update, no ransomware groups have claimed responsibility for an attack on EasyPark, and the company continues to address the aftermath of the breach.