Nearly 150K customer records accessed during 2021 data breach: Calgary Parking Authority

Names, emails, usernames, combined vehicle licensing information and CPA ParkingID numbers were all accessed during a data breach, the Calgary Parking Authority said.

Nearly 150,000 Calgary Parking Authority customers had some of the personal information breached in 2021, the CPA has revealed.

Monday morning, the city-owned subsidiary apologized for the data breach.

“Protecting access to our systems, and the safety and security of your personal information is a top priority for us,” interim general manager Chris Blaschuk said in a statement. “This was an unfortunate, isolated incident; however, we have worked closely with our partners to strengthen our cybersecurity protections and mitigate incidents of a similar nature from occurring in the future.”

In the 20-minute window the data was accessed, an investigation that included a third-party cybersecurity expert found 145,895 customer files could have been accessed, with data such as:

It’s the same incident originally reported to the public in July 2021, where it was originally thought that only 12 customers had their names, email addresses and encrypted passwords accessed when a misconfigured server was publicly accessible for about two and a half months.

The CPA said since implementing cybersecurity measures, there has been no evidence of further breaches.

“We believe there is a low risk that the elements of personal information may be further exposed. We continue to monitor the situation closely,” Blaschuk said.

“We sincerely appreciate your understanding and regret any distress this incident may have caused.”