Dear Customers and Clients,
On Friday evening, 7th February, BBC Newsline ran a story reporting a “Major Data Breach” on the JustPark platform.
Early last Friday afternoon, a single business customer in Belfast was accidentally given elevated permissions, which allowed them to see basic data of other business users. This was not the result of a hack or a glitch and the information was not published on the JustPark website or leaked online. The business user informed our Customer Support team and once investigated, the access was immediately revoked. They also reported the incident to the media.
As is good practise, we informed the Information Commissioner’s Office (ICO) of the error. The ICO decided that, as only a single client had been given accidental access to the information, which had already been revoked, it was unlikely to be used maliciously. The ICO informed us that this did not constitute a major data breach and no further action was required. Despite this we filed a report with them, just to be safe.
This was an isolated incident that absolutely shouldn’t have happened and I unreservedly apologise for that. I want to reassure everyone that uses and relies on JustPark that we promptly identified, fixed and reported the issue to the ICO.
The report claimed that thousands of user account details were published on the JustPark website due to a glitch. The premise and detail of the story were alarmist and demonstrably inaccurate.
For the peace of mind of our customers, we can assure you that no password information was exposed and JustPark does not hold payment details on our servers. This client reported the issue to us immediately and therefore had no malicious intent with the elevated access they had been given in error.
Nevertheless, the error that allowed this one business user to have elevated access to profile information was our error and I’m sorry for any distress or uncertainty this has caused.
Founder & CEO, JustPark