Data allegedly from Manhattan Parking Group has been leaked on a hacking forum.
The listing claims that the breach occurred this month (June 2025).
The data fields include:
Customer ID, First Name, Last Name, E-mail, Cell Phone Number, Order Number, Company Code, Garage, Date From, Time From, Date To, Time To, Vehicle Type, Options, Vehicle Information, Payment Information, Cost, Promo Code, Promo Code Unit, Reservation Date, Reservation Time, and Status.
The forum user is making all of the data with approximately 222,000 rows freely available to download.
Inspection of the leak reveals that the dates of the reservations were beween January 2022 and March 2024. “Vehicle information” is not the make or model of the car but merely whether the car is standard size or oversized. The payment card data in the table is truncated to the last few digits of the card, so it appears the leak is mostly basic customer information such as name, email address, phone number, which parking facility they parked at, and when. While many customers provided personal email addresses, a number used their corporate or business email addresses.
Manhattan Parking Group has been sent two email inquiries over the past week asking them if they were aware of the listing and if they would confirm or deny whether they had any breach. They have not replied, so there is no confirmation from MPG. A Google search, however, uncovered people whose names and information appeared to be a match to names and phone numbers DataBreaches found in the the leak. DataBreaches made no attempt to contact customers directly as it would only sound like a suspicious call.
DataBreaches is not a lawyer, but does not believe MPG would be required to make notifications given the types of data involved, but are they even aware of a breach? And if they are, what are they doing to prevent another incident?
If Manhattan Parking Group responds, this post will be updated.