Calgary Parking Authority concludes investigation on 2021 cyber security privacy breach

On behalf of The City of Calgary, the Calgary Parking Authority (CPA) would like to apologize for the 2021 cyber security privacy breach that exposed customers’ personal information. Data accessible to external parties was secured within 20 minutes of the CPA becoming aware of the incident.

A thorough investigation was conducted in collaboration with the CPA, The City of Calgary and a third-party cyber security expert to determine the extent of the incident and understand what personal information may have been accessible. Findings from the investigation indicated the unauthorized disclosure of personal information for 145,895 customers could have been accessed during the incident including elements of names; emails; usernames; combined information elements of licence plates, validation tag numbers, vehicle information, residential address, and violation ticket information; and ParkingID numbers.

“Protecting access to our systems, and the safety and security of your personal information is a top priority for us,” says Interim General Manager of the CPA Chris Blaschuk. “This was an unfortunate, isolated incident; however, we have worked closely with our partners to strengthen our cyber security protections and mitigate incidents of a similar nature from occurring in the future.”

Since implementing the security measures, there has been no evidence of further disclosure or misuse of the personal information that was accessible. “We believe there is a low risk that the elements of personal information may be further exposed. We continue to monitor the situation closely,” says Blaschuk. “We sincerely appreciate your understanding and regret any distress this incident may have caused.”

As a result of the additional security measures implemented, the CPA has obtained a Cyber Secure Canada Certification.

To protect yourself from cyber threats:

  • Change your password regularly. Do not use easily guessed passwords. Do not use the same passwords for multiple accounts. 
  • Monitor your accounts and report suspicious activity.
  • Be vigilant against third parties attempting to gather information by deception (known as “phishing”), including links to fake websites.

For more information, visit