British Parking Association member UKPC in epic data protection failure

Yesterday members of the Money Saving Expert (MSE) forum exposed a serious data protection breech on the website of UK Parking Control Limited (UKPC) who are a parking enforcement company.

 

It first became apparent that thousands of photos taken by the company were on public view. We have blurred out sensitive parts of the following images.

The photos revealed many vehicles snapped with a UKPC parking invoice slapped on them, Also amongst the photos were car owners returning to their cars, tax discs and even identity cards with photos, full names along with matching signatures.

In what seems a rather sinister move, many of the photographs were of the interiors of customers vehicles, showing off the public’s personal belongings.

At least one of UKPC’s operatives seems to operate mostly from his bed, and scattered throughout the collection of photos were perhaps an inside glimpse as to how UKPC operate as this photo shows.

 

A UKPC operative at work taking his invoice printout machine to bed.

Other photos reveal sensitive UKPC documents scattered on a bed.

The tag line on the UKPC website is “The Parking Professionals” , with the company boasting it has G4S, KFC, Tescos, Blockbuster and Pizza Hut as its clients.

With regard to data security UKPC say on their website under the heading ‘Guarding against data misuse’;

In 2006 we introduced strict new measures to protect vehicle keepers against misuse of their details”

 

UKPC go on to say they have introduced additional safeguards, stating;

 

Even with our existing measures to protect data against misuse, concerns about private car parking companies and interest in the disclosure of data to them have continued. We have responded to those concerns and have introduced additional new restrictions to safeguard the information we manage.”

 

Or simply put, an omni-shambles approach to customers data.

 

Perhaps to add a touch of some kind of legitimacy to their operation UKPC display official looking badges at the bottom of most of their web pages.

Funny that, as The Institute of Parking Professionals was disbanded in November last year, which was a body set up by the British Parking Association limited (BPA).

 

As members of the BPA, UKPC have access to the DVLA database, to allow them to look up members of the public’s name and address details. By the looks of the photographs we’ve seen today, these DVLA looks-ups can be done from a laptop in the bedroom.

 

In February this year the chief executive of the DVLA said their was a case to allow trusted parties to update the DVLA database, as the president of the BPA (Anjna Patel aka Kira Fleck) asked the DVLA if their members could update the DVLA’s database.

 

It seems to us that once again the BPA are unable to regulate their own members, do we really want to see companies like UKPC fiddling with our records held at the DVLA?

 

Supposing they get distracted whilst changing your DVLA address details by their huge flat screen TV or their exotic pig in a basket.

 

 

 

 

 

 

 

 

A Star Trek fan?

————————————————————————————————-

If you have a story you think we would be interested in please email:

news@nutsville.com

Follow us on Facebook

Follow us on Twitter

  • Share/Bookmark

12 Comments

StromaMarch 31st, 2013 at 9:47 am

They also left their website open to people who could login into their extranet with the username and password set to test, here you could view employee details, images of parking charges that showed vehicles with options to cancel or proceed with the charges.

You could see where their employees would be working, what tickets they issued and their schedules to follow. Not only does this make a mockery of sensitive data held, but was a huge data protection act breach.

Screenshots were taken for a complaint to ICO which a number of mse forum users have issued, this is a huge issue and ukpc should be struck off the bpa aos list at the very minimum.

Pat PendingMarch 31st, 2013 at 10:20 am

Now there’s a surprise a Private Parking Cowboy Outfit abusing the Data Protection laws. REMOVE the BPA & all the other untrustworthy Cowboys from having access to the DVLA.

Kill SwitchMarch 31st, 2013 at 10:45 am

The DVLA aren’t innocent in all this, they’re the ones that allow these cowboy companies access to MY data, and they obviously don’t have any safeguards in place. Whilst the BPA Ltd is a complete shambles, the DVLA should be making sure that MY data is not being abused.

The DVLA should stop all private company access to our data immediately, and until they can convince us, the people whose information they are SELLING, that there are adequate safeguards in place.

ButtonpusherMarch 31st, 2013 at 12:09 pm

I know a few were accidentally deleted, genuine accident, whilst looking at the complete shambles of a website. happy easter to someone.

Essex EngDemApril 8th, 2013 at 7:52 pm

Damn, they seem to have fixed the Extranet hole.
They mention Carrillion as one of their clients. WRONG. Carrillion manage carparks themselves.

MyMatesAMonkeyMay 2nd, 2013 at 11:33 am

Nice level of security there great for robbers!
I hope that UKPC man had pants on!

Ming RiderMay 4th, 2013 at 9:32 pm

This shows the ‘level’ of the people we’re dealing with here. Just look at that awfull wally fireplace. No tast. :(

albertMay 6th, 2013 at 11:25 am

how do they keep a pig in the house, what about the smell, or does the pig get used to it,

Mrs SMay 6th, 2013 at 1:16 pm

It’s ‘breach’, you wear ‘breeches’.

StromaMay 12th, 2013 at 7:21 pm

They have removed the logo of the Institute of Parking Professionals from their site, pmsl they obviously looked at this blog to see what is happening in their idustry. Well done UKPC on updating that, are your passwords still set test ?

StromaMay 12th, 2013 at 7:22 pm

They have removed the logo of the Institute of Parking Professionals from their site, pmsl they obviously looked at this blog to see what is happening in their idustry. Well done UKPC on updating that, are your passwords still set to test ?

T BearNovember 4th, 2013 at 1:32 pm

I’ve been pinged a number of times and, although I would completely ignore them in my own car, I am a fire officer and the car is kept by the fire service and not only do they make me pay, they could result in disciplinary action.

Leave a comment

Your comment

Spam Protection by WP-SpamFree