Point-of-Sale systems breached at major US parking garage operator

Been swiping your payment card to pay for parking in the US?

Time to check for unauthorized charges!

A North American parking company, SP+, says that on 3 November, it got a security heads-up from the company that provides and maintains its payment card systems.

On Friday, SP+ said in a notice that an unauthorized person used a remote-access tool to get their fingers into some of its parking facilities’ computers that process payment cards.

SP+ says that it immediately launched an investigation and got some forensic expertise on board to examine the payment systems in the affected parking facilities, which are mostly located in Chicago.

Other affected parking garages are in Philadelphia, Seattle, Cleveland, and Evanston, Illinois.

The company operates about 4,200 parking facilities in hundreds of cities across North America.

The breach affected a total of 17 SP+ parking facilities, the payment system provider told SP+. During the course of its investigation, SP+ identified yet another facility where card data was at risk.

SP+ hasn’t been able to identify whether any specific cards were taken or mailed notification letters to the potentially affected cardholders, but it does know that whoever installed the remote-access tool used it to install malware that sniffed out payment card data routed through the computers that accept payments made at the parking facilities.

The company says that the intruder(s) may have been able to grab cardholders’ names, card numbers, expiration dates, and verification codes.

The company’s notice lists the names of the specific parking garages that were breached.

If you think you used your card at any of the locations between the earliest and last dates it lists for each spot, definitely do keep an eye on your account statements for wonky activity.

If you see any unauthorized charges, contact the bank that issued your card. Credit card companies typically guarantee that cardholders won’t be held responsible for bogus charges.

Having said that, who remembers the name of the place where they plonk down their ride?

I say, if you’ve used your card to pay for parking in Chicago, Evanston, Cleveland or Seattle, then go ahead and check those statements.

Hell, even if you only ever park in Peoria or Pittsburgh, check your statements anyway!

After all, there’s been a plethora of Point-of-Sale system breaches, including at Home Depot, Subway sandwich restaurants, a slew of Jimmy John’s restaurants, a bunch of car washes,
KMart, and even Dairy Queen.

That’s right: you can’t even buy a soft-serve dairy treat without getting your card nicked.

But one thing’s for sure: when somebody mentions remote-access tools in relation to PoS systems, there’s a good chance that the crooks could have infiltrated systems used by more customers of that PoS system vendor.

These PoS breaches travel in clumps, so it pays to stay alert – after all, you don’t want to accidentally pay for a crook’s fraudulent charges.


Via: sophos

Save pagePDF pageEmail pagePrint page

Leave a Reply

Your email address will not be published. Required fields are marked *