Breach Notification , Card Not Present Fraud , Incident & Breach Response

Park 'N Fly Confirms Data Breach

Payment Card Information Exposed
Park 'N Fly Confirms Data Breach

Park 'N Fly is notifying an undisclosed number of customers that their payment card information was exposed following a compromise of the company's e-commerce website.

See Also: Hunt Cloud Threats or Be Hunted | CISO Guide to Cloud Compromise Assessments

The data breach follows a security incident at parking facility provider SP+, formerly Standard Parking Corp., which involved the compromise of a POS system vendor and exposed payment card details (see: Why Attacks Exploit Common POS Systems).

Airport parking lots are attractive targets for fraudsters because they are often used by business travelers utilizing business or commercial credit cards, says one card issuer who asked not to be named. "These cards are favored by fraudsters because of high lines, low decline rates and less scrutiny on a day-to-day basis by cardholders," the issuer says.

Park 'N Fly, an offsite airport parking operator based in Atlanta, says that it has hired data forensics experts to assist with its investigation of the breach, which has been contained.

"While the investigation is ongoing, it has been determined that the security of some data from certain payment cards that were used to make reservations through PNF's e-commerce website is at risk," the company says in a Jan. 13 statement.

Compromised information includes card numbers, cardholder names, billing addresses, card expiration dates and security codes. Other loyalty customer data that may have been exposed includes e-mail addresses, Park 'N Fly passwords and telephone numbers.

Impacted customers are being offered free credit monitoring and identity protection services for one year. Park 'N Fly says it's working with law enforcement and credit card brands to investigate the incident.

"PNF is committed to protecting its customers and their information and will continue a comprehensive response to thoroughly investigate and respond to the incident and improve its data security," the company says.

The company did not immediately respond to a request for comment. News of a possible breach at Park 'N Fly was first reported by security blogger Brian Krebs.

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.