Feeds

Parking ticket firm 'exposed private info' - ICO making enquiries

Katie Price's throbbing ride apparently NOT revealed, though

Seven Steps to Software Security

Exclusive Britain's privacy watchdog will investigate a major car-parking contractor after its website allegedly leaked drivers' personal information.

Readers will be relieved to know, however, that representatives of chesty TV princess Katie Price say she has avoided having any sensitive private information revealed during the affair.

UK Parking Control (UKPC) is accused of revealing photographs of Brits' cars parked with number plates clearly to be read and in some cases the location revealed. In some images it's alleged that other details such as identification cards, shopping or belongings are clearly visible. Campaigners against private parking firms believe these images - allegedly made easily accessible to anyone on the UKPC website - exposed drivers' personal information.

Each ticket dished out by UKPC, which monitors 1,200 car parking locations nationwide, includes a unique link to the company's website: the printed URL pulls up a page with pictures of the vehicle taken by one of the company's ticketing operatives to illustrate why that particular penalty was issued.

But one ticket recipient claimed to have found that by tweaking values in this web address, he could access thousands of other digital photographs of other people's vehicles. Sample pictures seen by The Register appeared to support the allegations. Some shots show personal items on view inside the vehicles, such as an ID card placed next to a disabled-driver badge.

Photos of parked cars with number plates visible can in themselves cause privacy problems, as they can show where a driver has been. This is why numberplates are blurred out on Google Street View, for instance, and why only police and other authorised users are allowed access to number plate records generated by such systems as speed cameras.

Numberplates linked to names and potentially to precise locations and times would offer still more scope for embarrassment, so it's clear that UKPC's database contains significant private information subject to the Data Protection Act.

After being alerted by The Register and our sources, the UK Information Commissioner's Office confirmed it will begin an investigation into the alleged leak.

An ICO spokesperson said:

We have recently been made aware of a possible data breach involving UKPC, and are now making enquiries into the circumstances of the alleged breach before deciding what action, if any, needs to be taken.

Word of the alleged security bug in the website of UKPC - which monitors car parks for Tesco, B&Q and other big names - has spread on the Money Saving Expert discussion forums and motoring discussion board Pepipoo. Some images, said to be taken from the UKPC website, were reproduced on the Nutsville blog, which campaigns against the private parking enforcement industry in the UK.

And it was claimed a snap of a gleaming white Range Rover belonging to pneumatic pinup Katie Price - aka the model Jordan - was among the unearthed images. Some reports have it that Ms Price does have such a vehicle among her fleet - and the personalised number reported on the vehicle was highly suggestive. However a spokeswoman for the upon-a-time-model told the Reg that Ms Price's only Rover 4x4 is pink, has a different number, and that anyway she's trying to sell it.

Despite strongly worded legal threats from UKPC's solicitors, the Nutsville bloggers have refused to take the pictures down.

An anonymous source linked to the site, which uses overseas servers and other measures to mask its owners' identities, told the Reg:

"If UKPC keeps on threatening us, we will just put up more posts. They have been subjected to civil public justice. They should take the punishment and learn a lesson."

The source claimed it was "irresponsible" of UKPC to expose its cache of photographs online in such an insecure manner.

"UKPC say we have broken the law, but we didn't even need a password to see these photographs," our contact added.

We're told the photographs date back to 2009. Allegedly, some are a telling insight into the lives of UKPC parking personnel: some photographs, it's claimed, were taken inside the homes of the company's workers, from snaps of someone lying in bed to a scene of a pig relaxing in a dog basket in front of a massive widescreen telly.

UKPC has been repeatedly contacted for comment by The Register over recent days, but no one at the company has been available to comment on the allegations. We should note that it is not against the law to film or photograph in a public place where there is no reasonable expectation of privacy. ®

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.