Airport parking service Park ‘N Fly has notified customers of a compromise of payment card data.
In a statement, Park ‘N Fly confirmed that it has been working “continuously” to understand the nature and scope of the incident, and has engaged third-party data forensics experts to assist with its investigation.
A service that allows customers to reserve spots in advance of travel via an internet-based reservation system, the story was originally revealed in late 2014 by journalist Brian Krebs. In response to questions from KrebsOnSecurity, Park-n-Fly said it engaged multiple outside security firms to investigate breach claims made by financial institutions, but so far has been unable to find a breach of its systems.
The incident was first revealed when two different banks saw fraud on a significant number of customer cards that previously – and quite recently – had been used online to make reservations at a number of more than 50 Park-n-Fly locations nationwide.
Park ‘N Fly confirmed in its statement that the data compromise has been contained, but the data potentially at risk includes the card number, cardholder’s name and billing address, card expiration date and CVV code. Other loyalty customer data potentially at risk includes email addresses, Park ‘N Fly passwords, and telephone numbers.
“Park ‘N Fly regrets any inconvenience this security compromise may cause,” it said. “Park ‘N Fly is committed to protecting its customers and their information, and will continue a comprehensive response to thoroughly investigate and respond to the incident and improve its data security. The company is also is working with law enforcement and credit card brands.”