Submission + - Hackers Breach Payment Systems of Major Parking Garage Operator (securityweek.com)
wiredmikey writes: Parking garage operator SP+ said on Friday that an unauthorized attacker gained access to its payment processing systems and was able to access customer names and payment card information. The company, which operates roughly 4,200 parking facilities in hundreds of cities across North America, said the attack affected 17 SP+ parking facilities.
According to the company, an unauthorized person had used a remote access tool to connect to the payment processing systems to install malware which searched for payment card data that was being routed through the computers that accept payments made at the parking facilities.
Parking facilities in Chicago, Cleveland, Philadelphia, Seattle, and Evanston were affected by the breach, though a majority of the locations affected were located in Chicago.
SP+ did not say what type of malware was found on the systems. Earlier this week, a new strain of point-of-sale malware targeting e-kiosks and ticket vending machines was uncovered by intelligence firm IntelCrawler. Dubbed 'd4re|dev1|', the malware is hitting mass transit systems, and acts a backdoor that gives attackers remote administration capabilities.
According to the company, an unauthorized person had used a remote access tool to connect to the payment processing systems to install malware which searched for payment card data that was being routed through the computers that accept payments made at the parking facilities.
Parking facilities in Chicago, Cleveland, Philadelphia, Seattle, and Evanston were affected by the breach, though a majority of the locations affected were located in Chicago.
SP+ did not say what type of malware was found on the systems. Earlier this week, a new strain of point-of-sale malware targeting e-kiosks and ticket vending machines was uncovered by intelligence firm IntelCrawler. Dubbed 'd4re|dev1|', the malware is hitting mass transit systems, and acts a backdoor that gives attackers remote administration capabilities.