Online Parking Services Compromised
Park 'N Fly and OneStopParking, two online parking reservation services, have both admitted to having been hacked, with customers' credit cards having been compromised.
A few weeks ago, Krebs On Security discovered credit card information for sale that appeared to have been stolen from the two competitors. This week, both companies confirmed that that had suffered a security breach.
Park 'N Fly says they have been in touch with security firms and have issued the following statement:
Park ‘N Fly (“PNF”) has become aware of a security compromise involving payment card data processed through its e-commerce website. PNF has been working continuously to understand the nature and scope of the incident, and has engaged third-party data forensics experts to assist with its investigation. The data compromise has been contained. While the investigation is ongoing, it has been determined that the security of some data from certain payment cards that were used to make reservations through PNF’s e-commerce website is at risk. The data potentially at risk includes the card number, cardholder’s name and billing address, card expiration date, and CVV code. Other loyalty customer data potentially at risk includes email addresses, Park ‘N Fly passwords, and telephone numbers.
Park 'N Fly has disabled their online commerce, directing customers to an 800 number instead, and are offering 12 months of credit monitoring to affected customers..
OneStopParking discovered that hackers were able to steal their information through a vulnerability in Joomla. Sadly, an update fixing the problem has been available since this past September, underscoring the importance of keeping your software up to date.
OneStopParking is in the process of notifying affected customers and plan to issue a statement on their website soon.