Newsroom

Park ‘N Fly and OneStopParking.com, which are competing airport parking services, confirmed last week that their sites were hacked and consumers' credit card data was leaked.

KrebsOnSecurity.com reported on Park ‘N Fly's statement that the company's site was hacked; the statement did not note how long the breach occurred or how many customers may have been affected. Likewise, OneStopParking.com suffered a similar breach when hackers broke into its systems via a vulnerability that it failed to address.

Brian Krebs, author of KrebsOnSecurity.com, noted that unlike card data stolen for retailers, "which can be encoded onto new plastic and used to by stolen goods in physical retail stores – cards stolen from online transactions can only be used by thieves for fraudulent online purchases."

He noted that stolen data from these airport parking services went up for sale on the same crime shop that hosted stolen cards from retailer breaches at Target, Home Depot, Sally Beauty and P.F. Chang's. Krebs said the card data ranged in price on the criminal site from $6-$9 per card and included the card number, expiration date, three-digit card verification code and card holder's name, address and phone number.

NAFCU was the first financial trade organization to call for national data security standards for retailers in the wake of the massive Target data breach last year, and continues to push for legislative action. Credit unions are already subject to standards under the Gramm-Leach-Bliley Act. NAFCU has also pushed for a bipartisan-bicameral working group in Congress to develop a legislative response to the continuing series of retailer data security breaches.