Parking authority reports another privacy breach
A few days after detailing a large leak of personal information in 2021, the Calgary Parking Authority (CPA) said it has dealt with another privacy breach.
The city-owned company said a staffer inadvertently exposed the email addresses of 233 contract customers while notifying them with an apologetic email of the closure of Plus-15s at its Centennial parkade on Aug. 4.
The closures are due to construction that's expected to be completed in October.
“One of our staff made a mistake and exposed emails to parkers,” said CPA general manager Chris Blaschuk.
“We did an investigation pretty much right away. It's unfortunate.”
No other information other than CPA customers' email addresses were shared among those same customers, he said.
“That staff member received training immediately — we're constantly keeping privacy in mind and augmented that training with (enhanced) technology,” said Blaschuk.
The CPA, he added, sent an additional email to the affected customers, notifying them of the breach and advising them to delete the Aug. 4 email. Those customers were asked to acknowledge they'd been notified, which required additional notifications from the CPA in September, said Blaschuk.
One customer whose email address was exposed said he's not impressed with the effectiveness of the instructions to delete the email.
“Who knew deleted doesn't mean gone — apparently the CPA,” said the man, who didn't want his name used.
Earlier this week, the CPA said it had concluded an investigation in which the personal data of more than 145,000 people had been exposed last year.
That investigation found the personal information of 145,895 customers was accessible during the breach, which was made public in July 2021.
That data included full names, emails, usernames, vehicle information, addresses and ticket information.
The city said it didn't identify other sensitive information, such as passwords or credit card details, when investigating the breach.
It added there's been no evidence of further breaches or misuse of the exposed personal information after the privacy lapse was fixed.
That information was exposed from May 13 to July 27, 2021, with one cybersecurity consultant tweeting that he'd alerted the CPA to the leak in May.
The CPA said it hadn't received that report.
Despite the breaches, Blaschuk said CPA customers can be confident their personal information is being protected.
“We're taking as many steps as possible to keep data secure. People can park confidently and feel safe about the security of their information.”
Last week, the authority and city police warned Calgarians of a scammer using texts imitating the CPA or City of Calgary to demand recipients pay outstanding parking tickets.
Blaschuk said he hasn't heard of any arrests in the scam but reiterated the CPA doesn't contact the public through texts.