An investigation by Sky News has revealed how a UK parking fine collection company inadvertently published its database online.
PaymyPCN.net, which says it has been a “key player in the collection of parking charge notices (PCNs)” for 20 years, took its website offline for a short while after being contacted by Sky News, but not before personal data of around 10,000 motorists had been made public.
The company, which allows drivers to both appeal and pay parking fines, describes itself as a PCI DSS compliant payment processor that uses encryption to safeguard drivers’ privacy and transaction details.
All of that appears to be for almost nothing though – Sky News reports how the database entered the public domain after an unrestricted link to it was sent to a motorist by mistake.
The motorist then forwarded it to lawyer Michael Green, a consumer activist running the ChallengeTheFine.com website, who published it on Twitter (now deleted).
Contained within the database were 9721 records, including names and addresses of drivers provided by the Driver and Vehicle Licensing Agency (DVLA).
Photographs of motorists and their vehicles taken by enforcement officers were also available, as were emails of appeals against parking tickets.
Sky News also reports that details of the alleged parking infringements, including the dates, times and locations at which they were said to have occurred were also viewable.
A spokeswoman for the DVLA, which has previously been criticised for “legalised mugging” after making £25m from the sale of personal information belonging to 8.7 million drivers, said the error was nothing to do with the agency:
This is not a DVLA error. We take our duty to safeguard data very seriously and we will not compromise data security.
Making no mention of motorists’ name and addresses, she added:
Follow @Security_FAQs Follow @NakedSecurity
DVLA does not hold or provide data such as photographs, emails and phone numbers to private parking companies.