Popular Canadian airport parking service Park and Fly said it had suffered a data breach that affected about one million customers, after the company warned Canadian customers that their personal information may have been exposed in a data breach that occurred last month.
“Approximately one million customer files were accessed when a third party gained access to the Park and Fly network through unauthorized remote VPN access,” the company said in an emailed statement, Global News reported.
According to Park’N Fly, the breach occurred between July 11 and July 13 and may have included names, email addresses, postal addresses, Aeroplan numbers and CAA numbers, but no financial information.
“We would like to reiterate that no passwords or credit card payment information are stored on our servers,” the company said in a statement.
Park’N Fly data breach details
The company sent out an email on Monday informing customers about the breach, which it discovered more than three weeks ago.
“On August 1, 2024, we determined that some of our customers’ personal information may have been affected by this incident,” the email said.
“We have been diligently investigating this incident with the assistance of outside experts.”
The company said its platform was “fully restored within five days” and has since strengthened its cybersecurity.
“We deeply regret any concern this incident may have caused, but would like to reassure our valued customers and partners that we are taking all necessary measures to protect their information,” Park and Fly chief executive Carlo Marrero said in a statement.
The incident highlights the prevalence of data breaches and raises new questions about what is being done to prevent them and whether Canadians are notified quickly enough when they do occur.
A representative for Park and Fly said the company was “committed to transparency.”
“[We] “As we work through this, we will continue to prioritize the integrity of our system,” Marrero said.
Customer Concerns
Canadian news portal Village Media got in touch with one of the customers who received the email from Park and Fly. A resident named Don Wright told Village Media that he hadn’t used Park and Fly for over two years and that his initial concern was about his credit card.
“Thankfully, the email said that no fraudulent use of my credit card had been made, so that’s good news. But of course, I have to be careful with every text message and email I receive over the next six months.”
Wright added: “I run a business from this number so it’s a precarious situation that I’m receiving (fraudulent) text messages. If I get a text and don’t reply, will I lose my business?”
The company said it was “vigorously investigating” the incident with the help of outside experts and had increased its security monitoring through its cybersecurity partners, including updating antivirus software across its network. It also took several technical and administrative steps to further strengthen the security of its network, it said in a letter to customers.
“We encourage you to remain vigilant and watch out for phishing scams, including emails from unknown senders, emails that contain unusual content such as links or attachments, and emails asking you to provide personal information over the phone,” the letter said.
According to a privacy policy on the company’s website, Park’N Fly “retains personal information only for the period necessary to fulfill the purposes for which it was collected or as required by law.” The company also states that unless otherwise stated in its fine print, the default retention period for information collected is seven years, after which the information will be “destroyed or processed in a manner that makes it non-personally identifiable.”
