Feeds

Parking ticket firm 'exposed private info' - ICO making enquiries

Katie Price's throbbing ride apparently NOT revealed, though

Boost IT visibility and business value

Exclusive Britain's privacy watchdog will investigate a major car-parking contractor after its website allegedly leaked drivers' personal information.

Readers will be relieved to know, however, that representatives of chesty TV princess Katie Price say she has avoided having any sensitive private information revealed during the affair.

UK Parking Control (UKPC) is accused of revealing photographs of Brits' cars parked with number plates clearly to be read and in some cases the location revealed. In some images it's alleged that other details such as identification cards, shopping or belongings are clearly visible. Campaigners against private parking firms believe these images - allegedly made easily accessible to anyone on the UKPC website - exposed drivers' personal information.

Each ticket dished out by UKPC, which monitors 1,200 car parking locations nationwide, includes a unique link to the company's website: the printed URL pulls up a page with pictures of the vehicle taken by one of the company's ticketing operatives to illustrate why that particular penalty was issued.

But one ticket recipient claimed to have found that by tweaking values in this web address, he could access thousands of other digital photographs of other people's vehicles. Sample pictures seen by The Register appeared to support the allegations. Some shots show personal items on view inside the vehicles, such as an ID card placed next to a disabled-driver badge.

Photos of parked cars with number plates visible can in themselves cause privacy problems, as they can show where a driver has been. This is why numberplates are blurred out on Google Street View, for instance, and why only police and other authorised users are allowed access to number plate records generated by such systems as speed cameras.

Numberplates linked to names and potentially to precise locations and times would offer still more scope for embarrassment, so it's clear that UKPC's database contains significant private information subject to the Data Protection Act.

After being alerted by The Register and our sources, the UK Information Commissioner's Office confirmed it will begin an investigation into the alleged leak.

An ICO spokesperson said:

We have recently been made aware of a possible data breach involving UKPC, and are now making enquiries into the circumstances of the alleged breach before deciding what action, if any, needs to be taken.

Word of the alleged security bug in the website of UKPC - which monitors car parks for Tesco, B&Q and other big names - has spread on the Money Saving Expert discussion forums and motoring discussion board Pepipoo. Some images, said to be taken from the UKPC website, were reproduced on the Nutsville blog, which campaigns against the private parking enforcement industry in the UK.

And it was claimed a snap of a gleaming white Range Rover belonging to pneumatic pinup Katie Price - aka the model Jordan - was among the unearthed images. Some reports have it that Ms Price does have such a vehicle among her fleet - and the personalised number reported on the vehicle was highly suggestive. However a spokeswoman for the upon-a-time-model told the Reg that Ms Price's only Rover 4x4 is pink, has a different number, and that anyway she's trying to sell it.

Despite strongly worded legal threats from UKPC's solicitors, the Nutsville bloggers have refused to take the pictures down.

An anonymous source linked to the site, which uses overseas servers and other measures to mask its owners' identities, told the Reg:

"If UKPC keeps on threatening us, we will just put up more posts. They have been subjected to civil public justice. They should take the punishment and learn a lesson."

The source claimed it was "irresponsible" of UKPC to expose its cache of photographs online in such an insecure manner.

"UKPC say we have broken the law, but we didn't even need a password to see these photographs," our contact added.

We're told the photographs date back to 2009. Allegedly, some are a telling insight into the lives of UKPC parking personnel: some photographs, it's claimed, were taken inside the homes of the company's workers, from snaps of someone lying in bed to a scene of a pig relaxing in a dog basket in front of a massive widescreen telly.

UKPC has been repeatedly contacted for comment by The Register over recent days, but no one at the company has been available to comment on the allegations. We should note that it is not against the law to film or photograph in a public place where there is no reasonable expectation of privacy. ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?