Some parking facilities in downtown Chicago and Evanston say malware was used to capture credit card data at 13 different locations.
SP+, previously known as Standard Parking released information about the breach yesterday in a statement on it's website.
It's believed someone uploaded malware to payment systems, possibly capturing information of cardholders, including names, card numbers, expiration dates, and verification codes.
The person responsible apparently used a vendor’s remote access tool to get into computers that process payment cards.
SP+ learned about the security breach November 3, from the vendor who maintains the payment card systems.
In Chicago, the parking facilities that might have been affected are:
- 55 East Monroe - 9/29/2014 - 10/29/2014
- AON Center - 10/30/2014
- John Hancok Garage - 9/29/2014 - 11/4/2014
- 1460 Halsted (Black Hawk) - 9/29/2014 - 10/29/2014
- 10 East Ontario; Cumberland CTA - 9/29/2014 - 10/29/2014
- 500 West Monroe - 9/29/2014 - 10/29/2014
- Aqua - 9/29/2014 - 10/29/2014
- Presidential Towers - 9/29/2014 - 10/31/2014
- 120 North LaSalle - 10/6/2014 - 10/29/2014
In Evanston, the parking facilities that might have been affected are:
- Church Garage - 10/8/2014 - 10/26/2014
- Maple Garage - 10/8/2014 - 11/10/2014
- Sherman Garage - 10/8/2014 - 11/1/2014
Customers who used their cards at the locations on specific dates could be at risk, and should review their accounts for any suspicious activity.
SP+ is working with credit card companies to provide them with account numbers possibly affected, but according to a statement, does not have enough information to mail notices to cardholders.
The malware has since been disabled, and SP+ is requiring the vendor to require two-factor authentication for remote access, among other security measures.
Four other garages in Cleveland, Philadelphia and Seattle were also targeted.
Customers can visit the company’s website for a full list of affected parking facilities and the dates they were affected, or call 1-877-717-0004.