Breach, Data Security

Malware installed at 17 parking facilities, payment cards at risk

Parking facility service provider SP+ announced that customer payment card data may be at risk, including cardholder names, card numbers, expiration dates, and verification codes.

Cards used at 17 locations – including in Chicago, Cleveland, Evanston, Ill., and Philadelphia – may have been compromised, a Friday post indicates. Most facilities were only affected from around Sept. 29 to Nov. 10, but a Seattle garage was impacted from April 14 to Oct. 31.

The company that provides and maintains payment card systems for certain SP+ locations notified the parking facility service provider on Nov. 3 that an unauthorized individual used its remote access tool to install malware, the post said.

“The malware has been disabled on all affected servers, and SP+ has required that the vendor convert to the use of two-factor authentication for remote access,” according to the post.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.