Parking facility service provider SP+ announced that customer payment card data may be at risk, including cardholder names, card numbers, expiration dates, and verification codes.
Cards used at 17 locations – including in Chicago, Cleveland, Evanston, Ill., and Philadelphia – may have been compromised, a Friday post indicates. Most facilities were only affected from around Sept. 29 to Nov. 10, but a Seattle garage was impacted from April 14 to Oct. 31.
The company that provides and maintains payment card systems for certain SP+ locations notified the parking facility service provider on Nov. 3 that an unauthorized individual used its remote access tool to install malware, the post said.
“The malware has been disabled on all affected servers, and SP+ has required that the vendor convert to the use of two-factor authentication for remote access,” according to the post.