In March, ParkMobile, the developer of the MKE Park app, became aware of a cybersecurity incident linked to a vulnerability in a third-party software which we use. In response, we immediately launched an investigation with the assistance of a leading cybersecurity firm to address the incident. We quickly eliminated the third-party vulnerability, and we continue to maintain our security and monitor our systems. Out of an abundance of caution, we also notified the appropriate law enforcement authorities.
We recently concluded our investigation and are now updating our users of the findings. Below are the key points about the incident.
- The investigation confirmed that no credit card information was accessed.
- No data related to a user’s parking transaction history was accessed.
- Only basic user information was accessed. This includes license plate numbers, as well as email addresses, phone numbers, and vehicle nicknames, if provided by the user. In a small percentage of cases, mailing addresses were also affected.
- Encrypted passwords were accessed, but not the encryption keys required to read them. We protect user passwords by encrypting them with advanced hashing and salting technologies.
- We do not collect Social Security numbers, driver’s license numbers, or dates of birth.
We take extensive measures to protect user passwords. However, as an added precaution, users can change their password in the “Settings” section of the MKE Park app or on the web by clicking this link. We recommend always using unique passwords for different online accounts.
If you are a MKE Park user, River Run urges you to follow the steps to update your password. This alert emphasizes why we must adopt strong password policies and change passwords frequently. If you have any questions on password health or other cybersecurity issues, please don't hesitate to reach out to River Run today.