Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Park ‘N Fly Confirms Data Breach Impacting E-Commerce Customers

Officials at Park ‘N Fly (PNF) have confirmed that it has been victimized in a data breach affecting payment card data processed through its e-commerce website.

In a statement, the company said that the data compromise has been contained but remains under investigation.

Officials at Park ‘N Fly (PNF) have confirmed that it has been victimized in a data breach affecting payment card data processed through its e-commerce website.

In a statement, the company said that the data compromise has been contained but remains under investigation.

“While the investigation is ongoing, it has been determined that the security of some data from certain payment cards that were used to make reservations through PNF’s e-commerce website is at risk,” according to the company. “The data potentially at risk includes the card number, cardholder’s name and billing address, card expiration date, and CVV code. Other loyalty customer data potentially at risk includes email addresses, Park ‘N Fly passwords, and telephone numbers.”

Park ‘N Fly offers offsite parking near airports for travelers. Just recently, United Airlines released an advisory stating that some customers with MileagePlus accounts – which are parted of United’s rewards program – were compromised by hackers. According to United, the hackers did not breach the company and got the login information from a “third-party source.” United also indicated the compromises could be due to users having the same password information for multiple sites.

“We’re seeing an emergent trend of attackers targeting travelers, which now appears to include a compromise of the Park-n-Fly website,” said Trey Ford, global security strategist at Rapid7. “As we saw with United and American Airlines, attackers are attracted by the personal information associated with loyalty programs, particularly details for high-limit personal and corporate credit cards with obvious market value.”

“Consumers may be somewhat easy targets in this area too as we often cut corners protecting ourselves on these kinds of sites, fueled potentially by an urgency to complete tasks, travel-related stressors, and sleep deprivation,” he added. “Give these considerations, consumers have a tendency to favor time-saving behaviors like password re-use, while stress, distraction and exhaustion raise our susceptibility to phishing campaigns. Travelers should take a few minutes to replace re-used passwords and double check travel loyalty balances.”

Park ‘N Fly is offering identity monitoring and protection services to potentially affected customers free of charge for the next 12 months.

“At no charge, PNF customers can also have these credit bureaus place a “fraud alert” on their files that alerts creditors to take additional steps to verify their identity prior to granting credit in their names,” the company advised. 

Advertisement. Scroll to continue reading.
Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.