October 26th, 2016

Parking firm letter gaffe sparks security worries

Parking firm letter gaffe sparks security worries Parking firm letter gaffe sparks security worries
Updated: 2:57 pm, May 07, 2015

CONCERNS have been raised about the company in charge of parking permits across the district after a householder was accidentally sent a host of private and confidential information about other residents.

Martin Pope was shocked to find when he received his permit from NSL that his letter contained the private details of five other residents, including two from Warwick and one from Leamington.

The information included their names, addresses, vehicle registration details and login details which allow access to a secure website containing yet more private information.

The county’s on-street parking service was taken over by private company NSL last November after it was awarded the contract by Warwickshire County Council.

Mr Pope, who works for delivery firm Ocado, said: “I couldn’t quite believe it when I opened the letter.

“I’d already had to chase them because I hadn’t received the usual reminder we used to get when the borough council ran the service.

“I filled out a form online and then got a letter through telling me my permit application had been successful and giving me login details to sign on and finish off the process.

“But when I looked behind my letter there were five others which were the same but for other people.

“They contained all of their private information, vehicle details, usernames and passwords.

“This is clearly a really serious data breach and it’s really quite worrying.”

Mr Pope said he was concerned the incident may not be a one off and that his details may have been sent to others.

NSL spokesperson, Belinda Webb-Blofeld, said the company was identifying the breach with its permit printers.

She said: “We are very disappointed to learn of five letters intended for other motorists, being sent in error to one recipient.

“We will be in contact with those five motorists to reassure them that the risks pertaining to the information is minimal – where the letters contained the motorist’s parking account PINs, the only action anyone could take would be to pay the named motorist’s permit fees.

“We do take data protection extremely seriously, which is why we have earned accreditation only awarded where it has been shown that an organisation has robust data security measures in place.”

She added the company inherited a backlog of 12,000 permit applications across Warwickshire when it took over the service, which it has since cleared.