ParkMobile Data Breach Class Action: Here’s What You Need to Know

ParkMobile, LLC has been hit with a proposed class action after announcing in March 2021 that it had been the subject of a “cybersecurity incident.”

According to the 28-page case, filed May 25 in Georgia federal court, the data breach was a “direct and proximate result” of ParkMobile’s failure to implement “basic security procedures,” including those recommended by the Federal Trade Commission.

Because of ParkMobile’s inadequate security protocols, customers’ personally identifiable information (PII) is “now in the hands of criminals,” the lawsuit alleges, noting that those affected face a heightened risk of identity theft both now and in the future.

The case claims ParkMobile should have been aware of its obligation to protect users’ private information and the consequences of failing to do so, especially in light of other recent data breaches.

“Despite all of the publicly available knowledge of the continued compromises of PII, ParkMobile’s approach to maintaining the privacy of PII was reckless, or in the very least, negligent,” the complaint scathes.

The Data Breach

Per the lawsuit, ParkMobile, which holds itself out as “the leading provider of parking solutions in the U.S.,” announced on March 26, 2021 that it had become aware of a cybersecurity incident “linked to a vulnerability in a third-party software” used by the company. According to the case, ParkMobile indicated that “no sensitive data” or payment card information was affected.

ParkMobile updated its announcement on April 13 that users’ encrypted passwords were accessed but not the encryption keys needed to read them, the suit relays. Other information compromised in the breach included users’ license plate numbers and, if provided, email addresses, phone numbers and vehicle nicknames, the lawsuit says, adding that mailing addresses were also affected in a small number of cases.

According to the case, ParkMobile users’ information has already been listed for sale on a Russian crime forum. The suit says the data breach affected the information of roughly 21 million ParkMobile users.

The lawsuit argues that ParkMobile’s failure to prioritize cybersecurity was the direct cause of the data breach, which the suit says could have been prevented had the company implemented “reasonable” security measures.

“Had ParkMobile remedied the deficiencies in its information storage and security systems, followed industry guidelines, and adopted security measures recommended by experts in the field, ParkMobile could have prevented intrusion into its information storage and security systems and, ultimately, the theft of Plaintiff’s and Class Members’ confidential PII,” the complaint scathes.

The Plaintiff’s Experience

The plaintiff, a Vermont resident whose information was allegedly compromised in the ParkMobile data breach, says he has spent “valuable time” changing passwords and monitoring accounts after hearing about the cybersecurity incident.

According to the complaint, the plaintiff has experienced “abnormal activity” in his PayPal account, which was linked to his ParkMobile account, following the breach:

After he cancelled the account, Plaintiff has received and continues to receive fraudulent email messages claiming that funds in excess of $30,000 have been deposited into his inactive PayPal account. The suspicious messages then attempt to have the recipient submit additional personal information to receive the funds. Plaintiff has spent additional time reviewing and monitoring these suspicious and disturbing emails.”

The lawsuit claims the consequences of ParkMobile’s failure to secure users’ personal information, which range from having to spend time monitoring accounts to dealing with the effects of identity theft and fraud, “are long lasting and severe” and could continue for years to come.

Who Does the Lawsuit Look to Cover?

The proposed class action looks to represent anyone in the U.S. whose personally identifiable information was compromised in the ParkMobile data breach that occurred around March 2021.

How Do I Join the Lawsuit?

Generally speaking, there’s nothing you need to do to join a proposed class action lawsuit. If the case moves forward and a settlement is reached, that’s when those affected, i.e., “class members,” will have an opportunity to claim whatever compensation the court deems appropriate. Click here for more information about the process, including how they’ll know where to contact you in the case of a settlement. Keep in mind that class actions can take years to make their way through the court system, usually toward a settlement or dismissal, so sit tight and check back regularly for updates. 

In the meantime, get class action news and updates sent straight to your inbox by signing up for ClassAction.org’s free weekly newsletter here.