British Parking Authority Exposes Car Info, Location through Site Bug
A car parking contractor in the UK has inadvertently exposed driver and car information following a security incident with its website.
According to The Register, the UK Parking Control (UKPC) has made available to the public pictures of cars parked in the lots they manage, including clearly visible plate numbers, identification cards and – in some circumstances – the car’s location.
Whenever a car is parked without paying the parking fee, a picture of the vehicle is taken by the UKPC to serve as proof of infringement. These pictures are then stored in the company’s database and accessible on a page with a specific URL. However, reports claim that these pictures can become readily available to another ticket recipient by simply manipulating the URL.
These pictures often state the location it was taken, which reveals the whereabouts of the driver. The report also states that some pictures were scraped off the UKPC website date back in 2009, so the pool of information that may have been exploited is considerable.
“We have recently been made aware of a possible data breach involving UKPC, and are now making enquiries into the circumstances of the alleged breach before deciding what action, if any, needs to be taken,” said a UKPC representative in a quote for The Register.
Car location and pictures of the goods they transport (including persons) are extremely sensitive in Europe. For instance, Romanian authorities have stopped mailing images taken with radar cameras because of the privacy implications that result from the exposure of the passenger’s face.