SP+, a parking management services provider, late last week announced that 17 of its facilities in the United States had been breached and hackers may have made off with an unspecified number of payment card numbers.
In a statement, the company said it was notified on Nov. 3 by a payment processor that hackers had used the processor’s remote management tool to access computers at SP+ facilities in Chicago, Evanston, Ill., Cleveland, Philadelphia and Seattle.
“The unauthorized person used the remote access tool to install malware that searched for payment card data that was being routed through the computers that accept payments made at the parking facilities,” SP+ said in its statement.
The malware was able to sniff out cardholder information such as the customer’s name, card number, expiration date and verification code, SP+ said.
“Though SP+ does not have sufficient information to identify whether any specific cards were taken or to mail notification letters to the potentially affected cardholders, SP+ wanted to let its customers know about this incident as soon as it could,” SP+ said.
The breach dates back to April 14 at its Seattle location, and then again on Sept. 29 at its Chicago locations, Oct. 6 at one other Chicago facility, and Oct. 8 in Evanston, Cleveland and Philadelphia.
SP+ said it has cleaned the malware from its servers and that it has required the vendor implement two-factor authentication as a precaution. The company said its payment processor is working with credit card companies and banks, providing them with the affected credit card numbers so that cardholders may be notified.
While SP+ has not identified the type of malware used in the breach, point of sale malware is characterized by its ability to search for payment card data. PoS malware was used in a number of breaches this year, including Home Depot, Target and others.
Point of sale malware can sit in memory and snags payment card data before it is encrypted and sent to the payment processor. Also known as RAM scraping malware, families such as Dexter and Backoff have been implicated in a number of attacks.
Researchers at Kaspersky Lab earlier this year published data captured from two Backoff malware command and control servers sinkholed by the company. In two days, 100 infected systems, including popular restaurant and liquor store chains and a large freight shipping company tried to contact the servers, meaning they were compromised.