Park’N Fly data breach has affected nearly one million customers, revealed the popular Canadian airport parking service firm. The company has warned customers in the country that their personal information might have been compromised in a data breach that took place last month.
“Approximately 1 million customer files were accessed when a third party accessed the Park’N Fly network through unauthorized remote VPN access,” the company said in an email statement, as reported by Global News.
According to Park’N Fly, the leak took place between July 11 and July 13, and may have included names, email and mail addresses, and Aeroplan and CAA numbers, but did not contain financial information.
“We wish to reiterate that no passwords or credit card payment information is stored on our servers,” the firm wrote in a statement.
Park’N Fly Data Breach in Detail
The company sent an email on Monday notifying customers of the breach, which it discovered more than three weeks earlier.
“On August 1, 2024, we determined that some of your personal information was likely affected by the incident,” read the email.
“We have been diligently investigating this incident with the assistance of outside experts.”
The company said that its platforms were “fully restored within five days” and that it has since increased cyber security.
“While we deeply regret any concern this incident may have caused, we want to reassure our valued customers and partners that we are taking all necessary steps to safeguard their information,” said Park’N Fly chief executive officer Carlo Marrello in the statement.
The incident underscores the prevalence of data breaches and renews questions about what is being done to prevent them — and if they do happen, whether Canadians are being informed quickly enough.
The head of Park’N Fly said the company is “committed to transparency.”
“[We] will continue to prioritize the integrity of our systems as we navigate this situation,” Marrello said.
Customer’s Concerned
Canadian news portal Village Media got in touch with one of the customers who received email from Park’N Fly. A resident named Don Wright told the news outlet that he hadn’t used Park’N Fly in more than two years and that his initial concern was about his credit cards.
“Thankfully, the email said my credit card was not compromised, so that’s good news. But, of course, now I have to be aware of every single text and email I get for the next six months,”
Wright added. “It puts you in a precarious spot because I run a business off this number, so now that I am getting (fraudulent) texts … if I get texts and I don’t reply, am I going to be losing business?
The company says it has been “diligently investigating” the incident with the assistance of outside experts and has increased security surveillance through its cyber-security partner, including updating the anti-virus software throughout the network. The company says they also took several technical and administrative steps to further enhance the security of its networks, explained the letter to customers.
“We recommend you remain vigilant and be mindful of phishing attempts, such as emails from unknown senders, or those that contain unusual content, such as links or attachments, or being asked to provide personal information over the phone,” the letter states.
According to the privacy policy on the company’s website, Park’N Fly “will only retain your personal information as long as is necessary for the fulfillment of the purposes for which it was collected or as required by law.” The company also noted the default retention period for any information collection, unless specified differently in the fine print, is seven years “after which it is destroyed or rendered such that it is unable to identify you.”