Thousands of UK drivers' details leaked through hole in parking ticket website

PaymyPCN database of names, pics was open, says report

Thousands of UK drivers have been caught up in a data breach at a UK parking firm.

A database of parking ticket details held by covering almost 10,000 motorists was mistakenly published online. A security flaw on the private parking firm's website allowed public access to names, addresses, photographs and emails.

Sol Cates, CSO at security vendor Vormetric, commented: “[The] breach at demonstrates that even with basic IT security measures in place, perimeters are still permeable."

“In this case, it appears that, while motorists’ data and fine payments were encrypted once inputted into the website, a backdoor link left the computer database wide open – providing access to private information provided to by the DVLA. Although the information was encrypted, just as important is the control of access to the encrypted information – and this is where appears to have failed," he added.

Cates warned that the compromised data might be abused to craft more convincing social engineering scams down the line.

The breach was unearthed by consumer activist Michael Green after a private parking firm “sent it to a motorist in error,” Sky News reports. reportedly took the site offline in the immediate aftermath of the breach, but it has since returned.

The company told Sky that it is "dedicated to safeguarding motorists' privacy and that transaction details entered into the site are encrypted".

Green recently launched a campaign against the enforcement of parking “fines” on private land, called, that also protests the DVLA [UK vehicle and driver licensing authority’s] sale of motorists' details to private firms. is involved in the collection of parking charge notices (PCNs), acting as an agent of both private and public sector parking operators.

El Reg asked the firm to comment but we've yet to hear back. We'll update this story as and when we learn more. ®

Other stories you might like

Biting the hand that feeds IT © 1998–2022