Chicago-area parking vendor SP+ compromised

[+OLD CS1]

If anyone used a parking garage in the Chicago area (Evanston is included) during the Faire, take close looks at your bank statements. (The article does not give a time frame, just that a notification was given on November 3rd.)

 

Hackers Infiltrate Payment Systems of Major Parking Garage Operator | SecurityWeek.Com
http://www.securityweek.com/hackers-infiltrate-payment-systems-major-parking-garage-operator

[+Ksarul]

I paid cash when I checked out of the garage in Evanston. . .I tend to avoid using cards in strange payment systems.

[+InsaneMultitasker]

The cash option wasn't working on one of the outside 'meters', so I think I swiped a card at least once while out there. While dropping quarters into the device it became clear that without a meter holding time, person A can pay for 2 hours, leave early, and the next person who pulls in gets none of that time credited to their parking. Quite the ripoff. (end rant)

 

Anyway, thanks for sharing this!

[+acadiel]

I think this was on my Discover... so I'll have to watch it. Probably get a new card and number and then have to change a couple auto pays. Grr.

[+OLD CS1]

I have had my personal and business cards replaced several times within a couple of months because of breaches. It really aggravates me because I work in the industry and I know that it is NOT difficult to secure your shit! But you get managers (IT and otherwise) who insist on bowing to external vendor demands even if it brings you out of compliance... let alone common sense! Almost like Target, K-Mart, Jimmy Johns, Dairy Queen, TJX, et. al. simply never happened.

 

I have begun bullying and strong-arming vendors into working in compliance, to the point that if I find a remote access program installed, I involve them in an investigation, tying them up for hours while we run down a list of questions until they just do it OUR way. Including expiring passwords and a policy which requires them to call before they can gain access to the system. Pisses them off, but it saves a lot of trouble in the end.

 

Sure, these business are insured against losses and damages, but what about the end customer who has implicitly, if not explicitly, trusted these business with personal and financial data? While it may not be a big deal that a business's POS systems were compromised and any illegitimate charges to my account will be taken care of, no one covers my lost time going through all of the disparate payment systems which have my information on-file because I have to give it to them (another potential weak link,) and if I miss one I get in a metric shit-tonne of trouble when they try to bill an invalid card.