ParkMobile Data Breach Affects Some Mobile Parking App Users | Information Technology | University of Pittsburgh

ParkMobile Data Breach Affects Some Mobile Parking App Users

Wednesday, April 14, 2021 - 16:15


Pitt Information Technology has received reports of a data breach that occurred at ParkMobile in March 2021. ParkMobile makes the popular mobile parking app of the same name and provides metering and parking app services to the City of Pittsburgh. Some University of Pittsburgh garages may accept payments through ParkMobile, if you pay through the application.

What Data Was Affected?

ParkMobile indicates that basic user information was taken, including license plate numbers and, if provided by the user, email addresses, phone numbers, and vehicle nicknames. Encrypted passwords were taken but not the encryption keys necessary to read the passwords, meaning that significant resources would be needed to break the password encryption.

ParkMobile indicates that no credit cards or parking transaction history were accessed, and they do not collect Social Security numbers, driver’s license numbers, or dates of birth.

What Do I Need to Do?

If you have an account with ParkMobile, out of an abundance of caution, Pitt IT recommends you change that password as soon as possible.

While the data exposed in the alleged breach did not come from University systems, sometimes individuals reuse the same passwords on multiple websites. If you use the same or a similar password at Pitt or other websites, you should also change those passwords. Also, because of the nature of other data taken, be vigilant for an increase in phishing scams or other scams related to this data.

In addition, utilize the following good password practices to minimize your susceptibility to data breaches:

  • Use a password manager to simplify the management of your various passwords. Pitt Password Manager (LastPass) is available at no cost to all students, faculty, and staff. You can use it to create strong, unique passwords for all your online services.
  • Do not reuse passwords across different websites. Scammers try variations of known passwords, so it is important to make sure your passwords are not similar to each other.  
  • Use strong, complex passwords that include symbols, numbers, and uppercase and lowercase letters.
  • Change your passwords frequently.
  • Use multifactor authentication on websites that allow it.

Please contact the 24/7 IT Help Desk at 412-624-HELP (4357) if you have any questions regarding this announcement.