ParkMobile, one of the largest parking payment platforms in the United States, suffered a data breach in March 2021 after attackers exploited a vulnerability in a third-party software the company used. The misconfiguration allowed unauthorized access to records for approximately 20.9 million customers. Within weeks of the breach, the stolen dataset was posted to a public hacking forum and widely redistributed. The exposed data included names, email addresses, phone numbers, vehicle license plate numbers, and passwords stored as bcrypt hashes. While the password hashing provides some protection, the license plate data is the most consequential element. Combined with parking history, plate numbers can be used to track a person's vehicle movements, identify routines, and infer home or work locations. This creates a risk profile that extends well beyond typical credential breaches. ParkMobile notified affected users, reported the incident to law enforcement, and patched the third-party vulnerability. A class-action lawsuit followed, alleging the company failed to implement adequate security practices. In December 2024, ParkMobile agreed to a $32.8 million settlement. Affected individuals should monitor for phishing attempts using their personal details, consider changing any reused passwords, and be aware that their vehicle and parking history may have been exposed to bad actors.

Parking-payment platforms collect user identity, phone numbers, vehicle information, payment-adjacent data, location-linked parking records, and reservation history across urban mobility workflows.

ParkMobile was acquired by EasyPark Group in 2021, the same year as the breach. It has continued expanding its municipal and campus parking partnerships under that ownership. The $32.8 million class-action settlement resolved the primary legal consequence of the 2021 incident.