Park’N Fly is warning that a data breach exposed the personal and account information of 1 million customers in Canada after hackers breached its network.
The threat actors breached the Park’N Fly networks through stolen VPN credentials in mid-July and stole data from the company. On August 1, the company determined that customer information was also accessed during the attack.
“Park’N Fly discovered that an unauthorized third party accessed our network through remote VPN access,” reads the notice sent to customers and shared with BleepingComputer.
“Based on our investigation, we determined that the unauthorized activity occurred between July 11 and July 13, 2024. On August 1, 2024, we determined that some of your personal information was likely affected by the incident.”
Park’N Fly is a large provider of off-airport parking services in Canada, offering travelers a convenient place to park their cars when flying out of major airports across the country.
The firm, which also offers shuttle, car washing, and oil change services, operates facilities located near airports in Toronto, Vancouver, Montreal, Edmonton, and Ottawa.
The information exposed in this incident includes full names, email addresses, physical addresses, Aeroplan numbers, and CAA numbers.
Park’N Fly says that no financial or payment card information has been exposed.
A spokesperson for the company told BleepingComputer that approximately “1 million customer files were accessed,” noting that account passwords remain secure.
Impacted systems were fully restored within five days, stated the spokesperson, adding that they are implementing additional security measures to safeguard user information in the future.
“While we deeply regret any concern this incident may have caused, we want to reassure our valued customers and partners that we are taking all necessary steps to safeguard their information,” stated Park’N Fly’s CEO, Carlo Marrello.
“We remain committed to transparency and will continue to prioritize the integrity of our systems as we navigate this situation.”
Customers who received letters took to Reddit to vent their frustration over yet another data breach impacting them, questioning the established practice of companies keeping customer data around long after the service has been offered.
Some noted that the leak of Aeroplan numbers could easily lead to account hijacks, advising password resets for those participating in Air Canada’s frequent-flyer program.
Park’N Fly warns impacted customers to remain vigilant and watch out for phishing attempts from unknown contacts, either via email or phone calls.
H/T Gerry Corcoran