REVEALED: Personal details of thousands of UK drivers 'are exposed in huge data breach' as car parking app used by councils across Britain shows users other motorists' information
- Parking payment app RingGo suffered a security glitch after an app update
- Hundreds of customers logged in and found other people's details on screen
- Issue appears to be nationwide, with customers from Edinburgh to Hampshire affected by the breach
- RingGo has now confirmed they believe 2000 people could have been affected
Thousands of users of a parking payment app have potentially had their details shared with other customers in what is suspected to be a huge data breach.
Following an app update, hundreds of customers using the RingGo parking tool found other people's details when they logged into their own accounts.
Others reported being kicked out of the app even though their details were correct, or being forced to change their password.
The company has now told the MailOnline that the issue was resolved, with as many as 2000 people affected
Some users said they were still logging in and seeing other people's details this morning.
App users tweeted the company to complain that the data breach meant other customers had seen their mobile numbers, payment and car details
Chris Jeffrey, an IT consultant from Kettering, told the MailOnline: 'I was working from home on Thursday and had just logged in to check my payment for the week.
'After logging in and it refreshing, I could see somebody else's details, just an email address as she hadn't filled in her name. I could see the registration of her car, the make, model and colour and where she had been parking.
'I tried logging out and in, but then it was showing my car but her payment details.
'It was weird, I assumed it was just a glitch.'
Mr Jeffrey, 34, explained that users have to re-enter their security code on their card each time they pay to park, so he would not have been able to use her card with his cars.
Mr Jeffrey said having seen the problem first start on Thursday morning, it was resolved when he was sent a text asking him to reset his password as a 'security precaution'.
Another customer, who wanted to remain anonymous, told the MailOnline he was still seeing other people's details when he logged in on Saturday morning.
He said: 'I can't delete my payment details as a security measure because I can't see them. I have to decide whether to go through the hassle and inconvenience of stopping my cards and changing my phone number.'
The customer said he had alerted RingGo to the problem on multiple occasions, and had been told it was fixed with the 'relevant authorities alerted', but the issues continued after this email.
On Twitter, app users complained of seeing people personal payment details, as well as the cars they had registered with the company.
One customer was called by another who had seen his phone number on the screen when he logged in with his details.
Users left poor reviews on the app's page in the Apple store, complaining of security and privacy compromises
The problem appeared to be spread across the country, with users as far spread as Hampshire and Edinburgh reporting issues
Apple users also left poor reviews on the app's page in the store to vent their frustrations after the problems.
RingGo said the problem affected a maximum of 2,000 people of the 18,000 who downloaded the new app on Tuesday, or updated it.
Users in Edinburgh, Bedford, Hampshire, Northampton and Stratford were among those complaining of errors when the app update launched.
It also appears the company used a designer who had never built an commercial app before to update their system.
Designer Phil Boulton tweeted 'My first iOS app went live yesterday! Check out the new @RingGo_parking app' on April 12.
RingGo has since clarified that Mr Boulton only worked on the user side, and the technical details were the responsibility of 'an in-house team with many years' experience'.
The problem first happened after an update on April 12 and 13, and most customers should see issues resolved by this evening.
On the app's iStore, an update reads: 'Fixed critical issue causing iOS 8.x users to experience difficulty using the app.
'Fixed issue where some permit zones would not find a session cost.'
The parking app allows drivers to register several cars and pay to park them in hundreds of locations across the country using their phone.
Each parking meter has a unique number which the motorist must book the car into.
A RingGo spokesman said: 'RingGo cashless parking released a new version of our iPhone app late on Tuesday 11 April.
'This all appeared to be working fine on Wednesday but on Thursday, during the peak rush hour, a glitch in the way the new app addressed the database meant that a small number of drivers were able to see high level details of other people’s accounts. As soon as the issue came to our attention we ran a fix and by 0930 no additional motorists’ info could be viewed.
'We believe the actual number of people who have been directly impacted is around 600. We are in the process of clearing all personal details from the 600 accounts and asking them to resubmit their info. Until this process is complete some users may still see the wrong details. This error is totally unacceptable and we apologise sincerely to those affected.
'There were 1400 other accounts potentially affected as they were parking at the time the incident began. As a precaution we have disabled their passwords and contacted them with a new PIN so they can reset their passwords.
'We can assure customers that no useable payment card information was displayed – only the last 4 digits are shown. Some personal data could have been visible, such as name, email, mobile, car registration, parking history and address (although for a large number of our users we do not hold any address information). It would not be possible to use another’s account to pay for a parking session.
'We take the security of our customers’ data extremely seriously and a full investigation into the root cause is taking place so that this issue will not happen again.
'We followed standard data incident procedures and have already submitted a report covering this data issue to the ICO. We have also contacted, by email, phone and SMS, those affected.'
Most watched News videos
- Pentagon release footage of MOAB being dropped in Afghanistan
- Bad parker gets blocked by two Jeeps to teach him a lesson
- Muslim woman refuses to remove hijab for airport security in Rome
- FIRST EVER trailer unveiled for Star Wars: The Last Jedi
- Mega blast after Russia tests non-atomic 'Father Of All Bombs' 2007
- US Air Force releases footage of the first MOAB bomb test
- Huge crowd welcomes Kim Jong-Un at Day of the Sun rally
- Military parade honours 105 years since birth of Kim Il Sung
- Shocking moment a horse attacks an alligator in Florida
- Woman who dressed as witch to abuse children sentenced to life
- Rapturous reception for Kim Jong Un opening residental complex
- Sword dancers perform during North Korea's Day of the Sun
- Kim goes ballistic: North Korean dictator threatens...
- 'You are not safe for us': Muslim woman films Rome...
- 'Give me a fork and a knife!': Terrifying video of...
- His and Hers jets, paid for with YOUR tax dollars:...
- New drivers must be able to use Satnav in order to pass...
- Angry father 'chops off a 15-year-old boy's PENIS and...
- 'An ear-splitting blast then it felt like the heavens...
- EXCLUSIVE: Monkees star Michael Nesmith opens up about...
- Tragedy as NFL star Todd Heap accidentally runs over and...
- Instagram mommy-shamers accuse pop star Kelly Clarkson of...
- 'We STILL won't let Charlie go - and I defy any parent to...
- Sun columnist and former editor Kelvin MacKenzie is...
- EXCLUSIVE: Kathleen Biden sobs in court as she details...
- Frail Yoko Ono, 83, raises a smile as she visits Central...
- Aaron Hernandez weeps as he is found NOT GUILTY in double...
- State schools are slammed for charging parents £2-a-day...
- Serving Navy SEAL, 42, has been moonlighting as 'Jay...
- Police escort 23 drink-fuelled men from two stag-parties...