Park ‘N Fly, the off-site airport parking operator based in Atlanta, has said that a number of customers have had their personal information exposed following a data breach on its e-commerce website.
Card numbers, cardholder names, billing addresses, card expiration dates, security codes, and Park ‘N Fly login details (email addresses, passwords, and telephone numbers) are at risk. Hired data forensics experts are investigating the breach, which is said to have been contained.
“PNF is committed to protecting its customers and their information and will continue a comprehensive response to thoroughly investigate and respond to the incident and improve its data security,” the company says.
Currently (January 14, 2015 at 10:42am ET), the e-commerce part of Park ‘N Fly’s website is down and the company is unable to process transactions.
Park ‘N Fly operates at 77 Park ‘N Fly and affiliate locations in 32 states throughout the US.
It is not yet known how many people have been affected, but this is the second airport parking lot to have suffered a compromise of customer payment cards. These types of parking lots are attractive to cyber criminals because their customers are mainly business customers using corporate credit cards, who are less likely to check the use of their cards on a day-to-day basis.
Any organization that stores, transmits, or processes payment card information has to comply with the Payment Card Industry Data Security Standard (PCI DSS).
In broad terms, the Standard requires merchants and member service providers (MSPs) to:
- Build and maintain a secure IT network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
For further information on complying with the PCI DSS, you can download our free green paper.
For help creating PCI DSS-compliant documentation, use the PCI DSS v3.0 Documentation Toolkit, which gives you all the policies and documentation that you need for compliance with the latest version of the PCI DSS, version 3.0.