ParkMobile users: Update your account settings
From: Virginia Tech Transportation Services
University members may have received the email below from ParkMobile, denoting a recent cybersecurity incident. While only basic user information was accessed, users are encouraged to change their password within the app's settings.
Original ParkMobile email – April 22, 2021, 6 p.m.:
In March, ParkMobile became aware of a cybersecurity incident linked to a vulnerability in a third-party software which we use. In response, we immediately launched an investigation with the assistance of a leading cybersecurity firm to address the incident. We quickly eliminated the third-party vulnerability, and we continue to maintain our security and monitor our systems. Out of an abundance of caution, we also notified the appropriate law enforcement authorities.
We recently concluded our investigation and are now updating our users of the findings. Below are the key points about the incident.
- The investigation confirmed that no credit card information was accessed.
- No data related to a user’s parking transaction history was accessed.
- Only basic user information was accessed. This includes license plate numbers, as well as email addresses, phone numbers, and vehicle nicknames, if provided by the user. In a small percentage of cases, mailing addresses were also affected.
- Encrypted passwords were accessed, but not the encryption keys required to read them. We protect user passwords by encrypting them with advanced hashing and salting technologies.
- We do not collect Social Security numbers, driver’s license numbers, or dates of birth.
We take extensive measures to protect user passwords. However, as an added precaution, users can change their password in the “Settings” section of the ParkMobile app or on the web by clicking this link. We recommend always using unique passwords for different online accounts.
As the largest parking app in the U.S., the trust of our users is our top priority. Please rest assured we take seriously our responsibility to safeguard the security of our users’ information.