A Chicago-based provider of parking facilities says someone used malware to capture credit card data at 13 different parking facilities in downtown Chicago and Evanston.
SP+, formerly known as Standard Parking, disclosed the breach Friday in a statement to customers posted on its website.
Someone uploaded malware to payment systems used in 17 of its parking garages and may have captured cardholders’ names, card numbers, expiration dates and verification codes, the statement said.
Nine of the affected facilities are in downtown Chicago, the West Loop or Near North Side, including ones at the John Hancock building, the Aon Center and Aqua, the statement said.
A parking facility at the Cumberland CTA stop on the Northwest Side was also affected, as were three garages in north suburban Evanston, the statement said. Four other garages in Cleveland, Philadelphia and Seattle were also targeted.
The person responsible apparently used a vendor’s remote access tool to get into computers that process payment cards in some facilities, the statement said. SP+ learned about the security breach Nov. 3 from the vendor, which provides and maintains the payment card systems.
Customers who used their cards at the locations on specific dates between late September and early November could be at risk, and should review their accounts for any suspicious activity, the company said.
SP+ is working with credit card companies to provide them with account numbers that could be affected, but does not have enough information to mail notices to cardholders, the statement said.
The malware has since been disabled, and SP+ is requiring the vendor to require two-factor authentication for remote access, among other security measures.
The parking facilities that might have been affected were in Chicago were 55 East Monroe; AON Center; John Hancok garage; 1460 Halsted (Black Hawk); 10 East Ontario; Cumberland CTA; 500 West Monroe; Aqua; Presidential Towers and 120 North LaSalle. In Evanston, the facilities were Church Garage, Maple Garage and Sherman Garage.
Customers can visit the company’s website for a full list of affected parking facilities and the dates they were affected, or call 1-877-717-0004.