Calgary Drivers’ Personal Data Exposed in Data Security Breach

Exploit: Misconfiguration
Company: Calgary Parking Authority (CPA)
Industry: Government, Municipal
Sources: https://calgaryherald.com/news/local-news/calgarians-personal-data-exposed-in-parking-authority-security-breach

A recent data breach, caused by a misconfigured server, exposed the personal information of vehicle owners. Reports show that the server belonging to the Calgary Parking Authority (CPA), which was used to monitor the authority’s parking system for bugs and errors, was left unsecured in what seems to be an overlooked security error.

Cyber security researcher, Anurag Sen, who found the breach told Postmedia the “server was exposed without any password protection. Anyone with the server URL can access it.” Sen noted the server contained computer-readable technical logs with large amounts of data exposed including payments, parking tickets & offenses, drivers’ personal data (names, addresses, vehicle descriptions, etc.), and in some cases payment details. In total the 500 GB server was estimated to contain entries of more than 100, 000 users. While Postmedia could not view or confirm the data contents, screen shots were provided by Sen to verify what was seen.

Upon learning about the exposed data, the CPA acted quickly and said they fixed the issue on the same day. Although details of how the unencrypted server was left exposed and who is responsible are not yet clear, a full investigation of the blunder is underway.

Find out how we can help you defend your business against modern cyber threats.

More than ever, organizations of all sizes have been facing a historical rise in cyber attacks and data breaches. Talk to a cyber security expert today and find out how we can provide expert consulting and a portfolio of Cyber Security solutions designed to protect your organization against today’s most prevalent threats.