Columbus parking app gives answer on whether data leak impacts its users
COLUMBUS, Ohio (WCMH) -- Cybersecurity attacks jumped 78 percent last year, from the year before, according to the Identity Theft Resource Center 2023 Annual Data Breach Report.
Just this weekend, the Seattle airport stated it was hit with a “possible cyberattack.” This all comes as the City of Columbus tries to recover after NCB4 reported thousands of people’s private information was leaked on the dark web.
NBC4 Investigates is hearing from many viewers asking whether their information was compromised if they use the city’s parking app. We reached out to the people behind the app -- a third party -- who stated that no customer data from a parking transaction is shared directly with the city.
"For clarity, ParkMobile powers digital parking payments in Columbus via the ParkColumbus white label mobile app and website. A white label allows cities the option to display a customized branded experience through ParkMobile," a spokesperson wrote. "To note, no customer data from a parking transaction is shared directly with the city. We also have no information suggesting that ParkMobile customer data is involved in the cyberattack on the city of Columbus."
As NBC4 learns more about the extent of the attack against Columbus, we also wanted to know if there is any way to stop such an attack.
"The cyber groups that I've gone to and the conferences I've gone to, the basic conversation is we're playing cat and mouse," said cybersecurity expert Daniel Maldet.
Maldet was one of the first to show NBC4 the city data up for auction on the dark web. As of Monday, the Rhysida ransomware group that claimed responsibility has as many as twelve other active auctions, from a subscription service to online resources to financial institutions.
"We're just trying to figure out what they're going to do next," Maldet said. "And we haven't figured out how to be proactive about that and get in front of this. So it looks like there's not going to be an end in sight."
While the phrase “cyberattack” may become all the more common, there are some actions entities can take to prepare and recover more easily. Maldet said one of those is encryption or locking.
"Encrypting data is one of the most important things, and it would be very difficult for an attacker to decrypt data that has been properly encrypted," Maldet said. "And so I think that the sign now is that a lot of businesses, even though they should be encrypting their data, aren't doing it. And so once that data gets stolen, then the attackers have free reign over that."
That was the case for Columbus. Many of the city’s databases were not encrypted, and that may be how thousands of people’s personal information was made vulnerable.
"One of the most important things to be aware of is that once your data is breached, it could potentially be available indefinitely," Maldet said. "So it's never really good to think that it's just going to disappear. So that's why it's important to try to stay protected, enable things that will prevent an attacker from being able to access accounts."
Columbus is offering free credit monitoring to everyone who is impacted, and now that includes minors. As of Monday morning, almost nine thousand people had signed up and 69 minors.