Officials at Park ‘N Fly (PNF) have confirmed that it has been victimized in a data breach affecting payment card data processed through its e-commerce website.
In a statement, the company said that the data compromise has been contained but remains under investigation.
“While the investigation is ongoing, it has been determined that the security of some data from certain payment cards that were used to make reservations through PNF’s e-commerce website is at risk,” according to the company. “The data potentially at risk includes the card number, cardholder’s name and billing address, card expiration date, and CVV code. Other loyalty customer data potentially at risk includes email addresses, Park ‘N Fly passwords, and telephone numbers.”
Park ‘N Fly offers offsite parking near airports for travelers. Just recently, United Airlines released an advisory stating that some customers with MileagePlus accounts – which are parted of United’s rewards program – were compromised by hackers. According to United, the hackers did not breach the company and got the login information from a “third-party source.” United also indicated the compromises could be due to users having the same password information for multiple sites.
“We’re seeing an emergent trend of attackers targeting travelers, which now appears to include a compromise of the Park-n-Fly website,” said Trey Ford, global security strategist at Rapid7. “As we saw with United and American Airlines, attackers are attracted by the personal information associated with loyalty programs, particularly details for high-limit personal and corporate credit cards with obvious market value.”
“Consumers may be somewhat easy targets in this area too as we often cut corners protecting ourselves on these kinds of sites, fueled potentially by an urgency to complete tasks, travel-related stressors, and sleep deprivation,” he added. “Give these considerations, consumers have a tendency to favor time-saving behaviors like password re-use, while stress, distraction and exhaustion raise our susceptibility to phishing campaigns. Travelers should take a few minutes to replace re-used passwords and double check travel loyalty balances.”
Park ‘N Fly is offering identity monitoring and protection services to potentially affected customers free of charge for the next 12 months.
“At no charge, PNF customers can also have these credit bureaus place a “fraud alert” on their files that alerts creditors to take additional steps to verify their identity prior to granting credit in their names,” the company advised.