In the latest mass-scale data breach, cyber criminals maneuvered themselves into the network of parking facility service provider SP+.
Between September 29 and November 10, criminals had access to payment card data at garages in Philadelphia, Seattle and Chicago, including:
- Cardholders’ names
- Card numbers
- Expiration data
- Verification codes
Below is a list of the 17 affected parking facilities and the dates when they were at risk.
|FACILITY||CITY||EARLIEST AT RISK||LAST AT RISK|
|55 EAST MONROE||CHICAGO||9/29/2014||10/29/2014|
|JOHN HANCOCK GARAGE||CHICAGO||9/29/2014||11/04/2014|
|1460 N. HALSTED (BlackHawk)||CHICAGO||9/29/2014||10/29/2014|
|10 E. ONTARIO||CHICAGO||9/29/2014||10/29/2014|
|500 W MONROE||CHICAGO||9/29/2014||10/29/2014|
|120 NORTH LASALLE||CHICAGO||10/06/2014||10/29/2014|
|GATEWAY EAST GARAGE||CLEVELAND||10/08/2014||10/23/2014|
|1700 MARKET STREET||PHILADELPHIA||10/08/2014||10/22/2014|
|NATIONAL CONSTITUTION CENTER||PHILADELPHIA||10/08/2014||10/22/2014|
|520 PIKE GARAGE||SEATTLE||4/14/2014||10/31/2014|
The alarm was raised to SP+ on November 3 by their payment card processor, who informed them of unauthorized access on their network. The cyber criminal(s) used a remote access tool (RAT) to plant malware designed to search for payment card data.
An investigation was launched immediately, and a public notice was posted on the SP+ website:
“Though SP+ does not have sufficient information to identify whether any specific cards were taken or to mail notification letters to the potentially affected cardholders, SP+ wanted to let its customers know about this incident as soon as it could.”
If you used your card at one of the above locations between the dates listed, then we recommend that you review your statements for any unauthorized activity. If you spot something which isn’t genuine, then contact your bank immediately.
Want to keep up-to-date on the latest hacks and breaches? Subscribe to our Daily Sentinel for daily updates as well as a free gift everyday until Christmas.