Park ‘N Fly has warned that hackers have infiltrated its network, exposing personal and account information for one million Canadian customers.
Threat actors used stolen VPN credentials to infiltrate Park’N Fly’s network in mid-July and steal data from the company, which determined on August 1 that customer information was also accessed during the attack.
“Park’N Fly has discovered that an unauthorized third party has accessed our network through remote VPN access,” said the notice sent to customers and shared with BleepingComputer.
“Following our investigation, we determined that the fraudulent activity occurred between July 11th and July 13th, 2024. On August 1st, 2024, we became aware that some of our customers’ personal information may have been affected by this incident.”
Park’N Fly is Canada’s leading provider of off-airport parking services, offering travellers departing from the country’s major airports a convenient place to park their cars.
The company also offers shuttle services, car washes and oil changes, and operates facilities near airports in Toronto, Vancouver, Montreal, Edmonton and Ottawa.
The information released thereby includes names, email addresses, addresses, flight plan numbers and CAA numbers.
Park ‘N Fly said no financial or payment card information was leaked.
A company spokesperson told BleepingComputer that approximately one million customer files were accessed, and noted that account passwords were kept secure.
Affected systems were fully restored within five days, a spokesperson said, adding that the company was implementing additional security measures to protect user information going forward.
“We deeply regret any concern this incident may have caused, but we want to reassure our valued customers and partners that we are taking all necessary measures to protect their information,” Park and Fly CEO Carlo Marrero said.
“We remain committed to transparency and will continue to prioritize the integrity of our systems as we navigate this situation.”
Customers who received the letter took to Reddit to express their outrage over yet another data breach affecting them, and questioned the practice of companies storing customer data for long periods after services have been provided.
Some have pointed out that leaking Aeroplan numbers could easily lead to account hijacking, and have urged anyone who participates in the Air Canada frequent flyer program to reset their passwords.
Park ‘N Fly is warning affected customers to remain vigilant and beware of phishing scams from unknown contacts via email or phone.
By Jerry Corcoran