Thousands Left Exposed After Calgary Parking Authority Data Breach

Aiden Pasychny, Contributor
In July 2021, Calgary Parking Authority (CPA) suffered a damaging cyber security breach that disclosed customers’ private data. Initially, CPA stated that the exposed information was limited to just 12 Calgarians but now they have revealed that 145,895 Calgarians are affected by this breach.
An investigation held by the Calgary Parking Authority reveals that “customers could have been accessed during the incident including elements of: names; emails; usernames; combined information elements of licence plates, validation tag numbers, vehicle information, residential address, and violation ticket information; and parking ID numbers.”
A statement released by the CPA states “the data accessible to external parties was secured within 20 minutes of us becoming aware of the incident.”
However, CBC News has reported that CPA says the breach lasted between May 13 and July 27, 2021.
CBC News also reports that “the CPA initially said only 12 customers had their data compromised. But on [Sept.26], it confirmed that the figure was well over 100,000.”
Some experts are shocked this happened at all. In an interview with CBC News, North Alberta Institute for Technologies chair of the cybersecurity program, John Zabiuk, tells CBC News that, “people could use that information to register a vehicle under your name … or just looking up your licence plate number to find out where you live.”
Such a large breach in cyber security has prompted immediate improvements to the CPA’s security measures. One of these improvements is that the CPA now has a Cyber Secure Canada Certification.
This certification is given to businesses that follow a set of guidelines provided by the federal government through the Canadian Centre for Cyber Security.
The CPA says that “since implementing the security measures, there has been no evidence of further disclosure or misuse of the personal information that was accessible. Based on efforts undertaken by our cyber security team and partners, it is believed the risk of further disclosure is low. We will continue to monitor the situation closely.”
In the meantime, the CPA suggests that customers change their passwords regularly, monitor their accounts for suspicious activity and be vigilant when dealing with third parties who may run phishing scams.