Feeds

Parking ticket firm 'exposed private info' - ICO making enquiries

Katie Price's throbbing ride apparently NOT revealed, though

Choosing a cloud hosting partner with confidence

Exclusive Britain's privacy watchdog will investigate a major car-parking contractor after its website allegedly leaked drivers' personal information.

Readers will be relieved to know, however, that representatives of chesty TV princess Katie Price say she has avoided having any sensitive private information revealed during the affair.

UK Parking Control (UKPC) is accused of revealing photographs of Brits' cars parked with number plates clearly to be read and in some cases the location revealed. In some images it's alleged that other details such as identification cards, shopping or belongings are clearly visible. Campaigners against private parking firms believe these images - allegedly made easily accessible to anyone on the UKPC website - exposed drivers' personal information.

Each ticket dished out by UKPC, which monitors 1,200 car parking locations nationwide, includes a unique link to the company's website: the printed URL pulls up a page with pictures of the vehicle taken by one of the company's ticketing operatives to illustrate why that particular penalty was issued.

But one ticket recipient claimed to have found that by tweaking values in this web address, he could access thousands of other digital photographs of other people's vehicles. Sample pictures seen by The Register appeared to support the allegations. Some shots show personal items on view inside the vehicles, such as an ID card placed next to a disabled-driver badge.

Photos of parked cars with number plates visible can in themselves cause privacy problems, as they can show where a driver has been. This is why numberplates are blurred out on Google Street View, for instance, and why only police and other authorised users are allowed access to number plate records generated by such systems as speed cameras.

Numberplates linked to names and potentially to precise locations and times would offer still more scope for embarrassment, so it's clear that UKPC's database contains significant private information subject to the Data Protection Act.

After being alerted by The Register and our sources, the UK Information Commissioner's Office confirmed it will begin an investigation into the alleged leak.

An ICO spokesperson said:

We have recently been made aware of a possible data breach involving UKPC, and are now making enquiries into the circumstances of the alleged breach before deciding what action, if any, needs to be taken.

Word of the alleged security bug in the website of UKPC - which monitors car parks for Tesco, B&Q and other big names - has spread on the Money Saving Expert discussion forums and motoring discussion board Pepipoo. Some images, said to be taken from the UKPC website, were reproduced on the Nutsville blog, which campaigns against the private parking enforcement industry in the UK.

And it was claimed a snap of a gleaming white Range Rover belonging to pneumatic pinup Katie Price - aka the model Jordan - was among the unearthed images. Some reports have it that Ms Price does have such a vehicle among her fleet - and the personalised number reported on the vehicle was highly suggestive. However a spokeswoman for the upon-a-time-model told the Reg that Ms Price's only Rover 4x4 is pink, has a different number, and that anyway she's trying to sell it.

Despite strongly worded legal threats from UKPC's solicitors, the Nutsville bloggers have refused to take the pictures down.

An anonymous source linked to the site, which uses overseas servers and other measures to mask its owners' identities, told the Reg:

"If UKPC keeps on threatening us, we will just put up more posts. They have been subjected to civil public justice. They should take the punishment and learn a lesson."

The source claimed it was "irresponsible" of UKPC to expose its cache of photographs online in such an insecure manner.

"UKPC say we have broken the law, but we didn't even need a password to see these photographs," our contact added.

We're told the photographs date back to 2009. Allegedly, some are a telling insight into the lives of UKPC parking personnel: some photographs, it's claimed, were taken inside the homes of the company's workers, from snaps of someone lying in bed to a scene of a pig relaxing in a dog basket in front of a massive widescreen telly.

UKPC has been repeatedly contacted for comment by The Register over recent days, but no one at the company has been available to comment on the allegations. We should note that it is not against the law to film or photograph in a public place where there is no reasonable expectation of privacy. ®

Beginner's guide to SSL certificates

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.