EasyPark Data Breach

Published: December 14, at 21:00 CET
Updated: January 18, at 10:00 CET

Update on EasyPark data breach
We had a data breach on December 10. Our analysis confirms that hashed versions of user passwords were also part of the data breach. We are contacting affected customers because we care and want to be transparent.

What is password hashing?
Password hashing means converting a password through an algorithm to turn it into an unintelligible series of characters. This is to protect the confidentiality of the password and also protect it against any unauthorized use.


What have we done?
We reset the passwords for all affected customers on December 10 upon discovering the data breach and as a part of our standard incident response.

What actions should affected customers take?
Although the passwords were hashed and reset, we encourage affected customers to change their password on any other platform where they have used the same password. Another way of keeping passwords secure and unique is through a password manager. We are committed to doing everything to earn our customers’ trust back by protecting their data and are sorry for the inconvenience this issue may cause to our customers.

This is what happened

On December 10, 2023, we discovered we were the victim of a cyber attack. The attack resulted in a breach of non-sensitive customer data. We deeply care about our customers and want to make sure you are fully informed about this incident. Here is what we have done.

Check out the FAQs below or go to our support page if you have any questions.

1. We took actions to protect you.
  • We took swift measures to stop the cyber attack.

  • We made sure our services continued to operate as usual.

  • We notified the appropriate authorities.

  • We reset the passwords for all affected customers on December 10 upon discovering the data breach and as a part of our standard incident response.

  • Our security team, including external security experts, is working hard to ensure effective security and privacy measures are in place.

2. We are making you aware.
  • Some of you were affected by the data breach. We are reaching out to all affected customers.

  • If you were affected, some contact information you may have provided to us (such as name, phone number, physical address, and/or email address) was accessed.

  • A few digits of your IBAN or credit card number are, if applicable, part of your information and, if you were affected by this data breach, this partial data has been accessed. However, one cannot make payments with this incomplete data.

  • No combination of this stolen data can be used to perform payments.

  • As always, you should be mindful of phishing attempts, which are unfortunately common.

3. We are sorry.

At EasyPark Group, we take protecting your privacy seriously and strive to deliver the best possible experience for you. Experiencing a data breach naturally creates concerns for all of us.

We are deeply sorry this happened and will continue to work hard every day to earn your trust.

Sandesh Bhat
Chief Technology Officer
EasyPark Group

Miles Hutchinson
Chief Information Security Officer
EasyPark Group

If you have further questions, please contact our Customer Care.

Also, see our Privacy Policy to learn more about privacy at EasyPark Group.

Do you have any questions?

Last updated: January 24, at 14:25 CET

Do I need to take any action?

What does a hashed password mean?

How do I know if my hashed password was accessed?

What hashing algorithm was used to hash the passwords?

If the passwords were hashed, why do I need to change it?

Why are you not informing all affected customers?

What has happened?

How do I know if I am impacted?

What actions have you taken?

What kind of data has been accessed?

Was my parking data accessed?

How can you determine that my data that has been stolen is considered "non-sensitive"?

You say some digits of my debit or credit card have been accessed? What exactly has been accessed? And can it be used to make a payment?

Did I pay for parking I did not do?

To which data protection authorities are you reporting this incident?

What emerged from EasyPark's investigation into the hack?

Does EasyPark regularly have ethical hackers look for vulnerabilities in the app and database to prevent you from being hacked?

Experts have said it is a data breach on the original Parkmobile platform. Is that right?

Users had to delete the old Parkmobile app. Why was that?

There was also a data breach at Parkmobile in 2021. Has the same vulnerability been used again?

Were measures taken at the time to prevent a new data breach?