According to investigative reporter Brian Krebs, the same cybercriminals thought to have been behind the credit card breaches at Target and Home Depot appear to have recently breached the U.S. airport parking service OneStopParking.com.
The Rescator cybercrime shop, which was the first to sell payment cards stolen from Target and Home Depot, recently began selling a new batch of cards. Sources at several banks told Krebs that the new batch had one thing in common: they’d all been used at OneStopParking.
The card data, which is being sold for $6 to $12 per card, includes the card number, expiration date and CVV code, along with the cardholder’s name, address and phone number.
OneStopParking manager Amer Ghanem told Krebs he first began receiving calls from customers about possible fraud about a week before Christmas. “It’s been something we have been dealing with for the past week, where some of our customers have called in and complained about fraudulent charges,” he said.
Ghanem said the complaints stopped after OneStopParking performed security scans and upgraded its website software, but the company is continuing to investigate the possible breach.
“We have been unable to identify any specific issues that [have] caused any credit card breach on our website,” Ghanem told Krebs. “However, being a part of the e-commerce industry and staying up to date with the security news, we are aware of security threats that are always around, especially during the holiday season, when people tend to shop and travel more.”
“We currently have two different services that are always monitoring traffic on our website 24/7 to ensure the safety of our customers,” Ghanem added.
The news of the likely breach at OneStopParking came just a week after a similar breach at parking company Park ‘N Fly. In a recent security update posted on its website, Park ‘N Fly announced that it had suspended its online reservations system “pending remediation,” and would only be taking reservations by phone.
“Separately, any customers who believe unauthorized charges may have been made to their credit card should contact us immediately at 1-800-404-7275 and also contact their respective financial institution,” the company added.
It’s been a rough few months for parking companies across the U.S. — Missouri’s St. Louis Parking Company recently acknowledged that hackers may have compromised the credit card data of customers who used its Union Station Parking Facility between October 6 and October 31, 2014; and in late November, parking facility service provider SP+ announced that a hacker had leveraged its payment card systems provider’s remote access tool to access the computers that process payment cards for 17 of its parking facilities.