Ahh, vacation. An opportunity to get away from stress, deadlines and technology. Unfortunately, identity thieves have found a new way to add stress to your attempt to de-stress. Since December 2014, three sites that offer online reservations for airport parking have been hacked.
According to Brian Krebs of Krebs on Security, stolen card information appeared for sale on an underground website frequented by criminals. Major banks obtained some of the card numbers and looked for commonality. Their sleuthing led them to the parking reservation websites.
The sites hacked in December are OneStopParking and Park ‘N Fly. In January, Book2Park was hacked. If you used these sites, check your statements immediately for charges that you did not make.
For victims of this data breach, it’s appalling to note that card numbers sold for just $6 to $18 each —a small price to pay for the havoc caused by identity theft.
According to Krebs, the crooks are the same “cybercriminal group” that stole more than 100 million credit and debit card numbers from Target and Home Depot. No one has been arrested in any of the hacks.
Krebs explains the hack, “These e-commerce site hacks are not wholly unlike compromises on consumer/end user PCs. Malware gets planted on the server that watches for visitors to enter sensitive data into order forms. The malware then secretly copies that data from the transaction stream before it can be encrypted.”
Book2Park’s Anna Infante told Krebs that malware has been found on her company’s server and removed. “We already took action on this, and we are totally on it. We are taking all further steps in protecting our customers and reporting this to the proper authorities.”
Online commentators believe the parking sites were targeted precisely because they involve travelers leaving for vacation or business trips. Away from home and routines, the potential victims may be less likely to check online statements.