Parking ticket site exploit sees just under 10,000 peoples' data leaked
A private parking company has suffered a data leak which made available the parking details of 9,721 users available online, a Sky News investigation has revealed.
PaymyPCN.net, a firm which has for nearly two decades collected parking charge notices within UK private and public car parks, has had exposed a security flaw granting backdoor access to users’ sensitive DVLA information.
Using the exploit discovered by Sky News, penalty appeal emails and images of drivers in their vehicles were leaked, in addition to a data base of customer records.
Consumer activist Michael Green, who launched the challengethefine.com campaign to get motorists fine compensation, first exposed the flaw on Twitter.
A DVLA spokeswoman told Sky News: “This is not a DVLA error. We take our duty to safeguard data very seriously and we will not compromise data security. DVLA does not hold or provide data such as photographs, emails and phone numbers to private parking companies.”
The records could be viewed online or downloaded in spreadsheet format - although the exploit has at the time of publishing been corrected.