Security Experts:

Connect with us

Hi, what are you looking for?



Hackers Infiltrate Payment Systems of Major Parking Garage Operator

After the number of major breaches affecting some of the largest retailers this year, some may feel uneasy as they approach the cashier to pay for their purchases. Now consumers have another place to worry about–parking garages.

After the number of major breaches affecting some of the largest retailers this year, some may feel uneasy as they approach the cashier to pay for their purchases. Now consumers have another place to worry about–parking garages.

SP+, a company that provides parking, maintenance and security services to property owners, said on Friday that an unauthorized attacker gained access to its payment processing systems and was able to access customer names and payment card information.

The company said that on November 3, 2014 it received a security notice from a third party vendor that provides payment card systems for some of its parking facilities. The noticed warned that an unauthorized person had used a remote access tool to connect to the payment processing systems at some of those facilities and that customer data was at risk.

Parking Garages Payment Systems HackedThe company said that after learning the incident, an investigation was launched with the help of a “leading computer forensic firm” in order to determine the extent of the breach.

The company, which changed its name from Standard Parking Corporation to SP Plus Corporation in 2013, did not disclose how many card numbers may have been compromised, but said the attack affected 17 of its parking facilities.

Through its Standard Parking and Central Parking brands, the company operates roughly 4,200 parking facilities in hundreds of cities across North America, and has approximately 23,000 employees.

“The unauthorized person used the remote access tool to install malware that searched for payment card data that was being routed through the computers that accept payments made at the parking facilities,” SP+ noted in a breach disclosure. “While SP+ was conducting this investigation, it identified one additional facility where card data was at risk. The information from payment cards that may have been captured by the malware is the cardholder’s name, card number, expiration date, and verification code.”

Parking facilities in Chicago, Cleveland, Philadelphia, Seattle, and Evanston were affected by the breach, though a majority of the locations affected were located in Chicago.

“Though SP+ does not have sufficient information to identify whether any specific cards were taken or to mail notification letters to the potentially affected cardholders, SP+ wanted to let its customers know about this incident as soon as it could,” the company said.

SP+ also said that it has notified its payment processor to provide them with the account numbers for cards used during the period at risk so that issuing banks for the cards could be alerted.

The company said that the malware has been removed on all affected servers, and that it has implemented additional security measures including forcing the vendor use of two-factor authentication for remote access.

SP+ did not say what type of malware was found on the systems.

Earlier this week, a new strain of point-of-sale malware targeting e-kiosks and ticket vending machines was uncovered by intelligence firm IntelCrawler. Dubbed ‘d4re|dev1|’, the malware is hitting mass transit systems, and acts a backdoor that gives attackers remote administration capabilities. It also has RAM scrapping and keylogging features, IntelCrawler said.

IntelCrawler CEO Andrew Komarov told SecurityWeek that the “Dare Devil” malware has compromised at least 80 merchants. Komarov said that the attackers are installing the malware using unsecure remote administration channels, including tools like TeamViewer and pcAnywhere. In some cases, the attackers are looking for specific retail management systems in order to compromise them using application vulnerabilities.

Earlier this year, IntelCrawler discovered Nemanja, a botnet comprised of roughly 1,500  terminals and other systems, and POSCLOUD, which targets cloud-based PoS software used by many grocery stores, retailers, and other small businesses.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.