Been swiping your payment card to pay for parking in the US?
Time to check for unauthorized charges!
A North American parking company, SP+, says that on 3 November, it got a security heads-up from the company that provides and maintains its payment card systems.
On Friday, SP+ said in a notice that an unauthorized person used a remote-access tool to get their fingers into some of its parking facilities’ computers that process payment cards.
SP+ says that it immediately launched an investigation and got some forensic expertise on board to examine the payment systems in the affected parking facilities, which are mostly located in Chicago.
Other affected parking garages are in Philadelphia, Seattle, Cleveland, and Evanston, Illinois.
The company operates about 4,200 parking facilities in hundreds of cities across North America.
The breach affected a total of 17 SP+ parking facilities, the payment system provider told SP+. During the course of its investigation, SP+ identified yet another facility where card data was at risk.
SP+ hasn’t been able to identify whether any specific cards were taken or mailed notification letters to the potentially affected cardholders, but it does know that whoever installed the remote-access tool used it to install malware that sniffed out payment card data routed through the computers that accept payments made at the parking facilities.
The company says that the intruder(s) may have been able to grab cardholders’ names, card numbers, expiration dates, and verification codes.
The company’s notice lists the names of the specific parking garages that were breached.
If you think you used your card at any of the locations between the earliest and last dates it lists for each spot, definitely do keep an eye on your account statements for wonky activity.
If you see any unauthorized charges, contact the bank that issued your card. Credit card companies typically guarantee that cardholders won’t be held responsible for bogus charges.
Having said that, who remembers the name of the place where they plonk down their ride?
I say, if you’ve used your card to pay for parking in Chicago, Evanston, Cleveland or Seattle, then go ahead and check those statements.
Hell, even if you only ever park in Peoria or Pittsburgh, check your statements anyway!
After all, there’s been a plethora of Point-of-Sale system breaches, including at Home Depot, Subway sandwich restaurants, a slew of Jimmy John’s restaurants, a bunch of car washes, KMart, and even Dairy Queen.
That’s right: you can’t even buy a soft-serve dairy treat without getting your card nicked.
But one thing’s for sure: when somebody mentions remote-access tools in relation to PoS systems, there’s a good chance that the crooks could have infiltrated systems used by more customers of that PoS system vendor.
These PoS breaches travel in clumps, so it pays to stay alert – after all, you don’t want to accidentally pay for a crook’s fraudulent charges.
Image of Parking lot courtesy of Shutterstock.
4 comments on “Point-of-Sale systems breached at major US parking garage operator”
Ehh..Something doesn’t add up or someone isn’t telling the whole story!
I parked in the listed Seattle parking garage 9/2013 and have not parked in any other of the listed garages, but I have parked in other Seattle garages. I also have not traveled to Chicago in over 20 years. Late last Wednesday I received a call from my bank, but missed it. Friday I received another call which I answered. It was from the fraud department asking I had tried to use my card in Chicago at a parking garage for $1 that was declined on Wednesday. Also there were several purchases around the Chicago area at food marts and gas stations on Thursday, all in the $40-$60 range.
Card canceled and no issues, but this breach goes back way past listed dates or does in fact affect a lot more parking garages then listed.
Doesn’t happen if you pay with Bitcoin! 😉
Crooks are so clever; who would thought of “hacking” parking garages? I get trying to break into big retail networks, but I never would have thought of garages. But I can hear some corporate exec telling his IT department that he wants to be able to access the network from home. And so it goes.
Lol, so plastic money aren’t so safe anymore 🙂