The Case Western Reserve University Information Security Office recently became aware of a breach of ParkMobile, the vendor that supplies self-paid parking on campus.
In March 2021, ParkMobile suffered a data breach impacting users of the ParkMobile app for iOS and Android, as well as users with a ParkMobile web account. The full breach notice is on the ParkMobile security blog. To check if you are affected by this breach, visit the information security site, haveibeenpwned.com/ and enter the CWRU email used to create a ParkMobile account. Please note that if your email was in any other unrelated data breach, that will be displayed as well.
The following information was in the breach:
- Encrypted passwords to the ParkMobile app
- Email addresses
- License plate numbers
- Phone numbers
- Vehicle nicknames
- Mailing addresses of a small number of users
No credit card information was breached and no parking history was breached. As a precaution, users can update their ParkMobile password on the ParkMobile app or on the ParkMobile website. Because they can be exposed elsewhere, a best security practice is to never reuse passwords/passphrases (always make sure to use unique passwords/passphrases for different accounts, and never use your CWRU passphrase anywhere else).
If you used your CWRU passphrase (or anything similar) at ParkMobile and were part of their breach, your CWRU passphrase has now been exposed and may be available to malicious actors on the Internet. Please change your CWRU passphrase as soon as possible.