Officials at Park ‘N Fly (PNF) have confirmed that it has been victimized in a data breach affecting payment card data processed through its e-commerce website.
In a statement, the company said that the data compromise has been contained but remains under investigation.
“While the investigation is ongoing, it has been determined that the security of some data from certain payment cards that were used to make reservations through PNF’s e-commerce website is at risk,” according to the company. “The data potentially at risk includes the card number, cardholder’s name and billing address, card expiration date, and CVV code. Other loyalty customer data potentially at risk includes email addresses, Park ‘N Fly passwords, and telephone numbers.”
Park ‘N Fly offers offsite parking near airports for travelers. Just recently, United Airlines released an advisory stating that some customers with MileagePlus accounts – which are parted of United’s rewards program – were compromised by hackers. According to United, the hackers did not breach the company and got the login information from a “third-party source.” United also indicated the compromises could be due to users having the same password information for multiple sites.
“We’re seeing an emergent trend of attackers targeting travelers, which now appears to include a compromise of the Park-n-Fly website,” said Trey Ford, global security strategist at Rapid7. “As we saw with United and American Airlines, attackers are attracted by the personal information associated with loyalty programs, particularly details for high-limit personal and corporate credit cards with obvious market value.”
“Consumers may be somewhat easy targets in this area too as we often cut corners protecting ourselves on these kinds of sites, fueled potentially by an urgency to complete tasks, travel-related stressors, and sleep deprivation,” he added. “Give these considerations, consumers have a tendency to favor time-saving behaviors like password re-use, while stress, distraction and exhaustion raise our susceptibility to phishing campaigns. Travelers should take a few minutes to replace re-used passwords and double check travel loyalty balances.”
Park ‘N Fly is offering identity monitoring and protection services to potentially affected customers free of charge for the next 12 months.
“At no charge, PNF customers can also have these credit bureaus place a “fraud alert” on their files that alerts creditors to take additional steps to verify their identity prior to granting credit in their names,” the company advised.
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
- Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals
- Apple Denies Helping US Government Hack Russian iPhones
- Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations
- Google Temporarily Offering $180,000 for Full Chain Chrome Exploit
