Hackers Target Parking Garages Nationwide

Update: 9:30 a.m. ET: On February 2, reports surfaced regarding yet another data breach at an airport parking service.

Security expert Brian Krebs revealed the potential breach of Book2Park.com, an online parking reservation service. It was discovered after a large batch of stolen credit cards appeared on the black market.

Krebs connected with impacted banks and establish a pattern of use that incremented Book2Park as the common factor.

Anna Infante, owner of Book2Park.com, explained that an outside technology firm had recently discovered and removed malicious files from their web server.

“We already took action on this, and we are totally on it,” Infante said. “We are taking all further steps in protecting our customers and reporting this to the proper authorities.”

It is unclear why hackers continue to target parking garages. Consumers should opt to pay with cash when parking and avoid using online reservation systems until this matter is resolved.

Update: 3:30 p.m. ET: On January 13, Park ‘N Fly, released a statement outlining their findings regarding a data breach of their website’s online reservation system. The hack ultimately allowed cybercriminals to obtain customer payment card information.

The parking garage company has currently disabled online transactions to conduct system maintenance.  Reservations can now be made by contacting the toll-free number listed on the Park ‘N Fly homepage.

Park ‘N Fly will be offering 12 months of free identity monitoring and identity protection services to potentially impacted individuals.  Concerned customers should visit https://pnf.allclearid.com for information on how to enroll.

What happened?

Hackers have recently targeted parking garages across the country, causing a significant exposure to customer payment card information.

Two parking garages have confirmed breaches so far: Chicago-based SP Plus and Missouri-based St. Louis Parking Company. Security experts are now suspecting that a third parking garage company has been breached.

SP Plus announced their breach on November 28th. They discovered malware had been placed on their payment card processing systems in 17 locations across Illinois, Washington and Pennsylvania. Hackers stole names, credit and debit card numbers, expiration dates and verification codes of garage customers who visited between April and November 2014. Dates vary based on location. A list of SP Plus’ breached parking garages has been released.

Shortly after the SP Plus attack, the St. Louis Parking Company announced they too had been breached. Unlike SP Plus, only their Union Station parking facility had been impacted. Customers who used their credit or debit cards in the garage between October 6 and October 31 may have had their payment card compromised. It has not been specified how the cyber attack was executed.

Recently, security expert Brian Krebs, who is credited with discovering the Target data breach, announced his suspicions regarding a breach of the Atlanta-based parking company Park ‘N Fly. Park ‘N Fly has multiple airport-based parking facilities across the country. The accusations come after multiple reports of fraud on customer credit cards from financial institutions. The breach appears to only affect customers who used the company’s online reservation system.

Park ‘N Fly has hired outside security firms to investigate the matter. Despite the accusations, they have not yet confirmed a breach in the online payment systems.


What should you do?

Consumers should be on high alert during the holiday season, especially if they plan to travel. It is unclear if this pattern of attacks will continue. As a precaution, consumers should pay for parking with cash when visiting a parking facility.

If you have used your payment cards at one of these parking facilities, you should take the following precautionary measures:

  1. Monitor your bank statements for unusual transactions
  2. Check your credit report
  3. Report any unusual activity; remember, credit card companies will not hold customers liable for fraudulent charges as long as they are reported quickly
  4. Contact your financial institution to set up email or text alerts for your credit or debit cards

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John Burcham, Chief Privacy Officer at EZShield Fraud Protection
John Burcham is Corporate Counsel for EZShield. He is a Certified Compliance and Ethics Professional...
Read more about John Burcham.

Leave a Comment.