A million Park’N Fly customers have had their sensitive data stolen after the company suffered a cyberattack.
The news was confirmed in a data breach notification letter sent out by the company, which noted the threat actors accessed the company’s IT infrastructure in July 2024 using stolen VPN credentials.
The crooks stole people’s full names, email addresses, postal addresses, Aeroplan numbers, and CAA numbers. No payment data was taken, the company confirmed.
Passwords are safe
"Park'N Fly discovered that an unauthorized third party accessed our network through remote VPN access," the letter stated. "Based on our investigation, we determined that the unauthorized activity occurred between July 11 and July 13, 2024. On August 1, 2024, we determined that some of your personal information was likely affected by the incident."
Park'n Fly offers airport parking services, providing travelers with convenient, secure parking options near major airports across 70 locations across the world. Its biggest operations, however, are in Canada and the United States. The firm also offers additional services like car washing and valet parking to enhance the travel experience for its customers.
A company spokesperson said approximately one million customer files were accessed, but passwords were not taken.
It took Park’n Fly five days to restore its systems, and now it’s working on adding further security measures to make sure such incidents don’t occur again.
"While we deeply regret any concern this incident may have caused, we want to reassure our valued customers and partners that we are taking all necessary steps to safeguard their information," stated Park'N Fly's CEO, Carlo Marrello.
"We remain committed to transparency and will continue to prioritize the integrity of our systems as we navigate this situation."
Via BleepingComputer
More from TechRadar Pro
- EasyPark data breach may affect millions of customers
- Here's a list of the best firewall software around today
- These are the best endpoint security tools right now
