Parking lots in Chicago, Seattle and Philadelphia hit by data breach

In the latest mass-scale data breach, cyber criminals maneuvered themselves into the network of parking facility service provider SP+.

Between September 29 and November 10, criminals had access to payment card data at garages in Philadelphia, Seattle and Chicago, including:

  • Cardholders’ names
  • Card numbers
  • Expiration data
  • Verification codes

Below is a list of the 17 affected parking facilities and the dates when they were at risk.

FACILITY CITY EARLIEST AT RISK LAST AT RISK
55 EAST MONROE CHICAGO 9/29/2014 10/29/2014
AON CENTER CHICAGO 9/29/2014 10/30/2014
JOHN HANCOCK GARAGE CHICAGO 9/29/2014 11/04/2014
1460 N. HALSTED (BlackHawk) CHICAGO 9/29/2014 10/29/2014
10 E. ONTARIO CHICAGO 9/29/2014 10/29/2014
CUMBERLAND CTA CHICAGO 9/29/2014 10/29/2014
500 W MONROE CHICAGO 9/29/2014 10/29/2014
AQUA CHICAGO 9/29/2014 10/29/2014
PRESIDENTIAL TOWERS CHICAGO 9/29/2014 10/31/2014
120 NORTH LASALLE CHICAGO 10/06/2014 10/29/2014
GATEWAY EAST GARAGE CLEVELAND 10/08/2014 10/23/2014
CHURCH GARAGE EVANSTON 10/08/2014 10/26/2014
MAPLE GARAGE EVANSTON 10/08/2014 11/10/2014
SHERMAN GARAGE EVANSTON 10/08/2014 11/01/2014
1700 MARKET STREET PHILADELPHIA 10/08/2014 10/22/2014
NATIONAL CONSTITUTION CENTER PHILADELPHIA 10/08/2014 10/22/2014
520 PIKE GARAGE SEATTLE 4/14/2014 10/31/2014

The alarm was raised to SP+ on November 3 by their payment card processor, who informed them of unauthorized access on their network. The cyber criminal(s) used a remote access tool (RAT) to plant malware designed to search for payment card data.

An investigation was launched immediately, and a public notice was posted on the SP+ website:

“Though SP+ does not have sufficient information to identify whether any specific cards were taken or to mail notification letters to the potentially affected cardholders, SP+ wanted to let its customers know about this incident as soon as it could.”

If you used your card at one of the above locations between the dates listed, then we recommend that you review your statements for any unauthorized activity. If you spot something which isn’t genuine, then contact your bank immediately.

Want to keep up-to-date on the latest hacks and breaches? Subscribe to our Daily Sentinel for daily updates as well as a free gift everyday until Christmas.

Leave a Reply

Your email address will not be published. Required fields are marked *