A data breach at the Cork City Park by Phone service in Ireland has affected more than 5,000 people.
The incident was initially reported to have occurred last Thursday and was reported to the authorities the next day. However, new details have since emerged indicating that the first instance of the breach occurred in May, according to the Irish Examiner.
“The council reports that this compromised login allowed a third party to effectively masquerade as an APP on the desktop and automate access attempts and that the first instance of this breach occurred on May 22, 2018,” the Data Protection Commission said in a statement quoted by the publication.
The breach was described as an “unauthorised access and retention of personal data and the fraudulent use of parking credit,” the DPC added while emphasizing that no personal bank account or payment card details were accessed or balances were altered as a result of the incident.
Personal data including car registration numbers, email addresses, and mobile phone numbers may have been compromised in the incident. Once the breach was identified, cybersecurity experts from KPMG were contacted to investigate the situation.
The city council also said it is taking steps to mitigate the consequences of the breach and that everyone who was affected will be notified.
NuData Security Vice President Ryan Wilk said that while this breach didn’t include payment card data, threat actors are very talented when it comes to designing fraud schemes to take advantage of the information that was compromised.
“From phishing scams and dictionary attacks – where fraudsters try certain common passwords based on the user’s information – to synthetic identities; as little as an email address can go a long way in the hands of a bad actor,” Wilk said. “Continued reliance on static information to authenticate a user will continue to expose companies to breaches.”
That, he said, “is why several customer-facing organizations that transact online are adopting multi-layered technology solutions that incorporate passive biometrics and behavioral analytics technology to help make stolen data valueless by verifying users based on their inherent behavior instead of relying on their data.”