Feeds

Parking ticket firm 'exposed private info' - ICO making enquiries

Katie Price's throbbing ride apparently NOT revealed, though

Remote control for virtualized desktops

Exclusive Britain's privacy watchdog will investigate a major car-parking contractor after its website allegedly leaked drivers' personal information.

Readers will be relieved to know, however, that representatives of chesty TV princess Katie Price say she has avoided having any sensitive private information revealed during the affair.

UK Parking Control (UKPC) is accused of revealing photographs of Brits' cars parked with number plates clearly to be read and in some cases the location revealed. In some images it's alleged that other details such as identification cards, shopping or belongings are clearly visible. Campaigners against private parking firms believe these images - allegedly made easily accessible to anyone on the UKPC website - exposed drivers' personal information.

Each ticket dished out by UKPC, which monitors 1,200 car parking locations nationwide, includes a unique link to the company's website: the printed URL pulls up a page with pictures of the vehicle taken by one of the company's ticketing operatives to illustrate why that particular penalty was issued.

But one ticket recipient claimed to have found that by tweaking values in this web address, he could access thousands of other digital photographs of other people's vehicles. Sample pictures seen by The Register appeared to support the allegations. Some shots show personal items on view inside the vehicles, such as an ID card placed next to a disabled-driver badge.

Photos of parked cars with number plates visible can in themselves cause privacy problems, as they can show where a driver has been. This is why numberplates are blurred out on Google Street View, for instance, and why only police and other authorised users are allowed access to number plate records generated by such systems as speed cameras.

Numberplates linked to names and potentially to precise locations and times would offer still more scope for embarrassment, so it's clear that UKPC's database contains significant private information subject to the Data Protection Act.

After being alerted by The Register and our sources, the UK Information Commissioner's Office confirmed it will begin an investigation into the alleged leak.

An ICO spokesperson said:

We have recently been made aware of a possible data breach involving UKPC, and are now making enquiries into the circumstances of the alleged breach before deciding what action, if any, needs to be taken.

Word of the alleged security bug in the website of UKPC - which monitors car parks for Tesco, B&Q and other big names - has spread on the Money Saving Expert discussion forums and motoring discussion board Pepipoo. Some images, said to be taken from the UKPC website, were reproduced on the Nutsville blog, which campaigns against the private parking enforcement industry in the UK.

And it was claimed a snap of a gleaming white Range Rover belonging to pneumatic pinup Katie Price - aka the model Jordan - was among the unearthed images. Some reports have it that Ms Price does have such a vehicle among her fleet - and the personalised number reported on the vehicle was highly suggestive. However a spokeswoman for the upon-a-time-model told the Reg that Ms Price's only Rover 4x4 is pink, has a different number, and that anyway she's trying to sell it.

Despite strongly worded legal threats from UKPC's solicitors, the Nutsville bloggers have refused to take the pictures down.

An anonymous source linked to the site, which uses overseas servers and other measures to mask its owners' identities, told the Reg:

"If UKPC keeps on threatening us, we will just put up more posts. They have been subjected to civil public justice. They should take the punishment and learn a lesson."

The source claimed it was "irresponsible" of UKPC to expose its cache of photographs online in such an insecure manner.

"UKPC say we have broken the law, but we didn't even need a password to see these photographs," our contact added.

We're told the photographs date back to 2009. Allegedly, some are a telling insight into the lives of UKPC parking personnel: some photographs, it's claimed, were taken inside the homes of the company's workers, from snaps of someone lying in bed to a scene of a pig relaxing in a dog basket in front of a massive widescreen telly.

UKPC has been repeatedly contacted for comment by The Register over recent days, but no one at the company has been available to comment on the allegations. We should note that it is not against the law to film or photograph in a public place where there is no reasonable expectation of privacy. ®

Intelligent flash storage arrays

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The hidden costs of self-signed SSL certificates
Exploring the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor.