Possible data breach of 'The Parking Space'

bluebanana62

In November I got a Parking Charge Notice from private parking company 'The Parking Space' (TPS). The details are not important, but I forgot to pay for 2 hours instead of 1, and I just paid the PCN online.

Whenever I deal with a new company, especially online, I use a new email alias, which allows me to know where emails are coming from (and/or block them) if some company has a data breach or mis-uses my email address.

Last week I suddenly got over 200 emails in the middle of the night, for sign up confirmations/activations for a bunch of different companies (some major e.g. PayPal, and some random small ones, all across the world). These were all sent to the alias I used for TPS.

Someone also made a purchase using the credit card details I used to pay the PCN. I know they also have my name and postal address, as this was used as the invoice address. This has all been sorted with the bank and reported to Report Fraud, however I wanted to make others aware.

I don't think I have any way to systematically prove that TPS have actually mis-used my data or had a data breach, however I am sure that I've only used that email alias for them. I issued a complaint to them and they deny having had a data breach and say they handle personal information carefully.

My recommendations to people dealing with slightly shady companies (including private parking companies) is:

• Use a separate email alias for every company you deal with. There are a few ways to do this, but the easiest is with a service designed for this, like Firefox Relay.
• Pay with credit card, so if your details get stolen and your card gets used, you haven't immediately lost money.
• If your bank supports it, turn alerts on so you get notified of every transaction.

If you need to deal with TPS specifically, I would use extreme caution about how you deal with them and the personal information you provide to them.

Coupon-mad

I think you should report this to the Information Commissioner because that email address was only used with TPS.

It's a shame you paid them, and a shame you used a private car park at all. Avoid!

Please can you show the PCN front and back? Redact your data & refs of course!

MothballsWallet

@bluebanana62 I think you have to complain to the company first and then to the ICO, but there's nothing to stop you doing it by email with the company's DPO in the "To" line and CC'ing the ICO in on it for reference.

bluebanana62

@Coupon-mad indeed. Unfortunately not a lot of options sometimes. I've rejected one before (from another parking company) and taken all the way to court, and won. Would do again for something blatantly unfair, but it does require a lot of time, stress, and financial risk.

@MothballsWallet Company complaint has already gone in and response as summarised. Will see if we get any further, if not I can take it to the ICO, although reading this, it seems there's not a lot they really do now.

MothballsWallet

@bluebanana62 Well, the ICO did fine Capita in October 2025 for GDPR breaches - maybe they're trying to collect the money? (Perhaps Capita should fire all levels of their upper management in all divisions, I'm sure they'd find the money then.)