The Delaware River and Bay Authority (DRBA) has warned people who have made purchases at Cape May-Lewes Ferry terminals and vessels that their payment card data might have been compromised.
The authority learned of a possible data breach on July 30th, when it launched an investigation aided by third-party forensic experts. The investigation is ongoing, but so far the organisation has determined that the credit and debit cards of individuals who purchased food, beverages and retail items between September 30th 2013 and August 7th 2014 at Cape May-Lewes Ferry terminals and vessels are at risk.
There is no evidence to suggest that the breach impacts reservation systems, but the malware planted by the attackers had access to card numbers, cardholder names and/or card expiration dates.
The DRBA has not determined that any specific payment card data was stolen by the intruders, and those who used their credit and debit cards to purchase ferry tickets online or at terminal point of sale locations are not affected by the incident.