Now the Parking Lots near Retailers are Getting Hacked

SP+, formerly known as Standard Parking Corp., which provides parking, maintenance and security services, says an attacker breached its payment processing systems and was able to access customer names and payment card information.

The company learned of the compromise from its payment card system provider. The third-party provider warned that an unauthorized person had used a remote access tool to connect to the payment systems at some parking facilities.

SP+ did not disclose how many cards are affected, but said the attacker struck 17 of its parking facilities.

The company operates roughly 4,200 parking facilities across North America.

“The unauthorized person used the remote access tool to install malware that searched for payment card data that was being routed through the computers that accept payments made at the parking facilities,” SP+ noted in a breach disclosure. “The information from payment cards that may have been captured by the malware is the cardholder's name, card number, expiration date, and verification code.”

Facilities in Chicago, Cleveland, Philadelphia, Seattle, and Evanston were affected by the breach. Most of the locations hit were located in Chicago.

The company has asked its payment processor to identify the account numbers of cards used during the period of attack, in order to alert banks that issued the cards.

SP+ did not say what type of malware was found on the systems.