According to a report published by TV2 a short while ago, the EasyPark app, widely used in Denmark for paying for parking spaces in most parts of Denmark, has been hacked by internet hackers.
Accordingly, EasyPark sent emails to customers on Friday stating that the company had been the victim of a cyberattack on December 10. The company stated that this information was “non-sensitive,” but nevertheless encouraged customers to be aware of one thing in particular: the attack resulted in the leakage of non-sensitive customer data, EasyPark wrote in the email, according to the source.
According to EasyPark, hackers were able to access certain information from many of the service's customers. This information includes full name, phone number, address, and email address. They were also able to access parts of customers' credit card information, which is displayed in connection with payment in the application. However, according to the source quoting EasyPark, the information cannot be used to make payments because it is insufficient in this regard.
The company adds that the hackers were unable to access data describing where customers stopped or the customer's registered vehicles.
EasyPark's head of communications, Lena Lindahl, told TV2 that the security and confidentiality of customer data are of utmost importance and therefore the situation is also upsetting to them, adding, "We are deeply saddened that this has happened, and we will continue to work hard every day to earn the trust of our customers.".
For security reasons, EasyPark cannot share details of the incident or how many Danes were affected. However, this is a portion of the app's customers across Europe, according to Lena Lindahl, who also explained to the source that when EasyPark describes accessed information as "non-sensitive," it is in accordance with EU regulations in force in the region.
Beware of phishing.“
Although it was “non-sensitive” information that hackers were able to access, the leak could create uncertainty among app users, as communications manager Lena Lindahl acknowledges: “We are aware that exposure to a data breach is concerning, and as always, you should be aware of phishing attempts, which are unfortunately common.”.
What is “trolling”?
- Fake emails and text messages are called phishing and scams. These are the methods criminals use to steal your personal information electronically.
- This usually happens when you receive a phishing email or SMS message in which the sender tries to persuade you to hand over your personal information, such as payment card information, MitID information, or other private information via email, a fake website, or something else.
- Phishing can also occur when you are contacted and informed that you have won a contest, for example, and that you must provide your personal information in order to receive the prize.
Source: Sikkerdigital.dk, citing TV2
EasyPark reported that the attack was dealt with quickly and an overview of affected customers was created, where all affected customers will be contacted.
Although some parking service customers may not have been aware of the attack until the email was sent on Friday, EasyPark has been reporting the attack via its app and website since December 14, explains Lena Lindahl. She adds that the Danes who received the email on Friday were those who did not open the message sent in the app, and some may also have been contacted via text message.
The attack on EDC, a well-known real estate company
According to the source, EasyPark is not the only major company that has recently been subjected to cyberattacks that led to data leaks. Last November, EDC was attacked by a pro-Russian hacking group called Black Basta. The group obtained a large amount of customer data, including nearly 100,000 social security numbers of current and former EDC customers. More than 700,000 pieces of common customer data, such as name, email, and address, were compromised.
EDC also reported after the attack that copies of passports, driver's licenses, and health insurance were also compromised, according to the source. Black Basta later threatened to release the hacked data unless it was paid $6 million – about 41 million Danish kroner. When the ransom was not paid, at the end of November, Black Basta shared copies of 1,300 people's passports, driver's licenses, and health insurance certificates online, according to TV2.
