Update to RingGo app leaves thousands of UK drivers' data exposed
Update to RingGo app leaves thousands of UK drivers' data exposed

Following a new version released last week, customers using the app found other people's details when they logged into their own accounts.

The app allows users to register multiple cars and pay to park in locations across the UK using unique numbers on parking meters.

Some users reported being kicked out of the app even though their details were correct, or were forced to change their password. Others were unable to remove their card details as a precautionary measure since they couldn't see them.

Aggravated customers took their frustrations out on Twitter. One customer wrote, “You'd have to go some to create a more user-unfriendly app. How did you manage to make it so useless?”

Another user wrote: “When I logged in this morning, I had someone else's details on show! Very bad breach.”

A spokesperson for RingGo said the company believed 600 people were directly affected and another 1400 were potentially impacted by the breach. “We are in the process of clearing all personal details from the 600 accounts and asking them to resubmit their info. Until this process is complete, some users may still see the wrong details. This error is totally unacceptable and we apologise sincerely to those affected.

“We can assure customers that no usable payment card information was displayed – only the last four digits are shown. Some personal data could have been visible, such as name, email, mobile, car registration, parking history and address (although for a large number of our users we do not hold any address information).

“We take the security of our customers' data extremely seriously and a full investigation into the root cause is taking place so that this issue will not happen again.”

RingGo has submitted a report covering the issue to the ICO. Those affected by the data breach have been contacted via email, phone and SMS.