ParkMobile Fined $1 Per Victim in 22 Million User Data Breach
▼ Summary
– ParkMobile settled a class action lawsuit over a 2021 data breach that affected 22 million users, with a $32.8 million compensation fund.
– Affected users are receiving compensation as a $1 in-app credit, which must be manually claimed using a discount code and consists of four $0.25 credits.
– The stolen data included personal information such as names, email addresses, phone numbers, license plate numbers, and hashed passwords, leaked in a 4.5 GB file.
– The discount code expires on October 8, 2026, for most users, but California residents have no expiration date.
– ParkMobile is warning users of ongoing SMS phishing attacks and advises not to click links or share sensitive information in unsolicited messages.
Following a significant data breach impacting millions, ParkMobile has concluded a class action lawsuit, offering affected users a compensation package that has drawn considerable attention. The settlement provides a total of one dollar per eligible individual, distributed as a series of in-app credits that must be manually claimed and come with an expiration date.
Users began receiving emails last week detailing how to access their portion of the settlement fund. The notification informed them they are eligible for a credit of up to one dollar to be applied toward the platform’s service fees. This credit is not issued automatically; instead, it is provided as a discount code that grants a $0.25 reduction on service fees, usable up to four separate times to total the full dollar amount.
The legal action stemmed from a 2021 security incident where threat actors accessed and subsequently leaked a database containing the personal information of nearly 22 million customers. The exposed data was substantial, comprising a 4.5 GB file that included customers’ full names, phone numbers, email addresses, user names, encrypted passwords, physical addresses, and vehicle details, including license plate numbers. The lawsuit, filed in a federal court in Georgia, alleged that ParkMobile failed to implement adequate data security measures to protect this sensitive user information.
As part of the settlement agreement, which established a compensation pool of $32.8 million, ParkMobile explicitly denied any wrongdoing or liability. The company stated that the resolution was a way to settle disputed claims without an admission of fault. Class members were initially directed to submit a claim form by a specific deadline in 2025 to receive compensation. For those who did not submit a form, the company is now distributing a unique discount code via email.
To redeem the credit, users must manually enter the code “P@rkMobile-$1” in the Discounts section of the app before initiating a parking session. It is crucial to note that for the majority of users, this promotional code will expire on October 8, 2026. However, residents of California are granted an exception, as their codes do not carry an expiration date. The credit is specifically designed to offset service fees on standard transactions and cannot be applied toward reservation bookings.
In the wake of the settlement announcement, ParkMobile is also alerting its user base to a rise in fraudulent SMS phishing campaigns. These deceptive messages impersonate the company and instruct recipients to click a link to settle a fake outstanding balance. The company emphasizes that these are fraudulent communications and urges customers to exercise extreme caution. ParkMobile has reiterated that it will never solicit passwords, security codes, banking details, or requests for fund transfers through unsolicited messages.
Customers are advised to remain vigilant against such scams, carefully verify the sender of any suspicious communication, and avoid scanning QR codes from unverified sources, as these often lead to counterfeit websites designed to steal personal and financial information. For individuals who previously used the service, a reputable third-party website like HaveIBeenPwned can be consulted to check if their email was involved in the 2021 data breach.
(Source: Bleeping Computer)
