PITTSBURGH — 11 Investigates has a warning for anyone who got a parking ticket in the City of Pittsburgh.
Chief Investigator Rick Earle uncovered a problem that put people’s personal and financial information at risk.
11 Investigates discovered that checks with account and routing numbers were unprotected on the Pittsburgh Parking Authority’s website for anyone to see.
Rick Earle tracked down two people whose checks were viewed. One of them agreed to tell his story as long as 11 Investigates did not reveal his identity.
Earle: Can you tell me what this is?
Victim: That is a digital image of a check that I wrote to the Parking Authority of Pittsburgh back in 2014.
Earle: That’s your check. It has your check number, your routing number, your address, your wife’s name? Are you curious how I got that?
Victim: A little bit.
Earle tracked down this man after obtaining an image of check he wrote to pay a parking ticket a decade ago.
Earle: Is this an active account?
Victim: Yes.
Earle: It’s an active checking account, so that’s a little bit frightening?
Victim: Right.
A driver paying a ticket on the authority’s website discovered the exposed checks when he typed in random vanity plate numbers. Vehicle and ticket information along with an image of a check popped up.
He immediately alerted the parking authority and then reached out to 11 Investigates.
The authority was unaware that the data had been exposed.
Victim: I was surprised that I was part of a data breach. Disheartening that the parking authority allowed this to happen.
Pittsburgh Parking Authority Executive Director Dave Onorato, who just this year received the International Parking and Mobility Institute’s Professional Excellence Award for Technology, told 11 Investigates it happened about two months ago, when a third-party vendor transferred information from in house computers to the cloud and forgot to check all the boxes, leaving the checks exposed.
Earle spoke with an expert from the Identity Theft Resource Center in Washington, D.C.
“Unfortunately, these things happen from time to time. They’re basically system errors, James Lee said. ”The good news is, when you are talking about a cloud database, being exposed like this, is most times, there is actually no misuse of the information.
In a statement to 11 Investigates, the Parking Authority said this was an isolated incident, and while they continue to investigate, they suspect only two checks were viewed.
The vendor, they said, will offer 12 months of complimentary credit monitoring to the customers.
The authority also added that, “protecting the privacy and security of our customers and those we serve is a top priority.”
The two customers, who told Earle that both checking accounts are active, hadn’t heard about the exposure until we told them.
“Thank you for bringing that to my attention, but yes, I’ll just continue to be vigilant and monitor all my accounts,” said the victim, who indicated he had been the victim of two prior data breaches.
Lee, with the Identity Theft Resource Center, told Earle that the vendor should be able to tell if anyone else accessed the checks in question or any other checks that they may still have.
He also said that this incident should serve as a warning to other government agencies and businesses.
“It’s a great reminder to other business, make sure you put your security protocols in place whenever you move from your on premises computer system to a cloud,” Lee said.
Earle reached out to the third-party vendor, but as of this writing, hadn’t heard back.
The expert from the Identity Theft Resource Center also questioned why the vendor was still sitting on checks more than a decade old.
He said the bottom line is, if you don’t have the data, it can’t be compromised.
Download the FREE WPXI News app for breaking news alerts.
Follow Channel 11 News on Facebook and Twitter. | Watch WPXI NOW
©2025 Cox Media Group
/cloudfront-us-east-1.images.arcpublishing.com/cmg/XCUXZC2XYZHCRGNNGKFEX6U3LQ.png)
