The holiday shopping season is now well and truly upon us. This being 2014 and all, that also means the holiday hacking season is upon us. Last year Target was infamously the, er, target of Black Friday bad guys. This year, though, it’s not just stores losing your information to criminals. Now you have to worry about the parking lots outside of them, too.
Network security news site SecurityWeek reported over the holiday weekend that hackers got into the systems of a large parking vendor this year, and were indeed able to steal customer name and payment card information.
The company, SP+ (known as Standard Parking until 2013), said that they learned about the breach on November 3, when they received notice from a third-party vendor that provides the payment card systems at some of their parking garages. The vendor said that “an unauthorized person” had connected remotely to the payment processing systems in some of those facilities.
The breach ran for almost seven months, from April 14 through November 10 of this year. Although parking facilities in Cleveland, Philadelphia, Seattle, and Evanston were hit, most of the targets were in Chicago. SP+ said that the hack affected 17 of its 2400 parking facilities.
SP+ says that the malware has been removed, and that they have improved security processes for their networks in the future including requiring two-factor authentication for remote access.
The company has not yet notified consumers whose card numbers were breached. However, they are currently working with the payment processor to identify which card numbers were stolen, in order to alert the card-issuing banks.
Parking garage hacks are just the latest in a long and seemingly never-ending string of data breaches. If the last year has taught us anything, it’s that you may as well assume that anyplace you use a credit card will eventually be hacked. So remember: keep a strong eye on all your card and account statements while you’re doing your holiday shopping, and call the bank at the first mysterious sign.
Hackers Infiltrate Payment Systems of Major Parking Garage Operator [SecurityWeek via NextGov]
by Kate Cox via Consumerist
No comments:
Post a Comment