fbpx

ParkMobile Exposure of Users’ PII in Data Breach Class Action

ParkMobile, LLC and ParkMobile USA, Inc. offer parking-related services to consumers in the US. In order to become users, consumers must provide their personally identifiable information (PII) to ParkMobile and create accounts. The complaint alleges that ParkMobile failed to properly protect customers’ PII and permitted a data breach of its systems that compromised the information customers had provided.

The Nationwide Class for this action is all individuals in the US whose PII was compromised in the ParkMobile data breach, which occurred around March 2021. Also proposed is a California Class, which is all individuals living in California whose PII was compromised in the ParkMobile data breach, which occurred around March 2021.

Through its app, ParkMobile offers parking services, such as enabling users to pay for parking at a meter from their mobile device, extend time on a meter, or reserving a parking spot at their destinations. It also provides information on parking, such as whether a location has charging facilities for electric vehicles, valet parking, or onsite security. A fee of 99 cents per month provides additional advantages, such as discounts on car washes or car rentals.

On March 26, 2021, ParkMobile told users that it “recently became aware of a cybersecurity incident linked to a vulnerability in a third-party software that we use.” It claimed that its “investigation indicates that no sensitive data or Payment Card Information, which we encrypt, was affected.”

An update the following month claimed that “encrypted passwords, but not the encryption keys needed to read them, were accessed.” Also accessed were license plate numbers and, if users had provided them, e[-]mail addresses, phone numbers, and vehicle nicknames. Some users’ addresses had also been accessed.

The complaint alleges, “The PII obtained from ParkMobile has already been listed for sale on a Russian crime forum for $125,000. This PII can then be used to commit cybercrimes” against ParkMobile’s users—a group that the complaint says includes roughly 21 million users.

According to the complaint, “Had ParkMobile remedied the deficiencies in its information storage and security systems, followed industry guidelines, and adopted security measures recommended by experts in the field, ParkMobile could have prevented intrusion into its information storage and security systems and, ultimately, the theft of [its users’] confidential PII.”

The Federal Trade Commission (FTC) regards a company’s failure to provide reasonable and appropriate data security for customer information as an “unfair practice” that violates the FTC Act. It publishes guidelines for businesses on how to protect personal information and has brought enforcement action against companies who have failed to take reasonable and appropriate measures to protect data.

The complaint also invokes the California Consumer Privacy Act as a cause of action.

Among other things, the complaint “seeks an order requiring ParkMobile to provide identity theft protective services to [the victims] for their lifetimes…”

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

ParkMobile Exposure of Users’ PII in Data Breach Complaint

July 1, 2021

ParkMobile, LLC and ParkMobile USA, Inc. offer parking-related services to consumers in the US. In order to become users, consumers must provide their personally identifiable information (PII) to ParkMobile and create accounts. The complaint alleges that ParkMobile failed to properly protect customers’ PII and permitted a data breach of its systems that compromised the information customers had provided.

ParkMobile Exposure of Users’ PII in Data Breach Complaint

Case Event History

ParkMobile Exposure of Users’ PII in Data Breach Complaint

July 1, 2021

ParkMobile, LLC and ParkMobile USA, Inc. offer parking-related services to consumers in the US. In order to become users, consumers must provide their personally identifiable information (PII) to ParkMobile and create accounts. The complaint alleges that ParkMobile failed to properly protect customers’ PII and permitted a data breach of its systems that compromised the information customers had provided.

ParkMobile Exposure of Users’ PII in Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy