Canadian off-airport parking service provider Park’N Fly is notifying 1 million customers of a security incident involving their personally identifiable information.
On August 23, 2024, Park’N Fly reported a significant data breach that compromised approximately 1 million customer records. The affected customers were notified via email about the breach. Park’N Fly, which offers 24/7 parking and shuttle services at airports across seven Canadian cities, including east of the Edmonton International Airport, Canada. The company emphasized that no financial information was compromised in the incident. The breach occurred between July 11 and July 13, when an unauthorized individual gained access to the company’s systems through remote VPN access. Following an internal investigation, it was confirmed that the hackers accessed personal details, including customers’ contact information (such as email addresses and physical addresses), Aeroplan numbers, and CAA (Canadian Automobile Association) numbers. The company did not disclose the identity of the attacker group or how they gained access to its VPN network.
The company acted swiftly to restore all platforms, achieving full recovery within five days. Park’N Fly is now working with external experts to further investigate the breach. The company has directly contacted all customers whose information may have been compromised, urging them to stay vigilant against phishing attempts and suspicious emails.
Reassuringly, no passwords, financial details, or payment information were accessed during the breach. In response to the incident, Park’N Fly has invested in enhanced cybersecurity measures and provided additional training to staff to strengthen IT resource protection.
What can users do to minimize risks?
In the aftermath of a data breach, including seemingly less impactful ones, you should:
- Change and strengthen passwords. Reset passwords for any accounts that used the same login credentials – even if the breach notice does not say passwords were involved. It’s best to be proactive; this way, you can inspect potential weak points in your security posture.
- Enable 2FA where possible for an extra layer of security and consider using a password manager to help you create and manage complex passwords
- Be cautious of phishing and scams. Scammers exploit breaches to conduct phishing attacks. Watch out for emails, texts or calls that request personal information, even if they seem legitimate
For any customers with concerns or questions regarding the breach, Park’N Fly has established a dedicated support hotline, available toll-free at 1-844-405-3577, Monday to Friday from 9:00 a.m. to 5:00 p.m.
Not a Park’N Fly user but curious if your email was ever compromised ? (Bonus)
You can easily check by visiting HaveIbeenPwned and entering your email to see if it was involved in any data breaches.
References –
https://www.bleepingcomputer.com/news/security/parkn-fly-notifies-1-million-customers-of-data-breach
https://dailyhive.com/canada/park-n-fly-canada-data-security-breach
https://www.cpomagazine.com/cyber-security/park-n-fly-data-breach-impacts-a-million-customers
Thanks for sharing detailed information. The fact that the breach was carried out through remote VPN access highlights major vulnerabilities in managing and securing remote access. It raises crucial questions about the effectiveness of current security measures for remote access points and how they are monitored. According to me companies should focus on enhancing VPN security by implementing multi-factor authentication (MFA) and using strong encryption to safeguard remote access points. I’m keen to hear your thoughts on key lessons companies should take away from this breach.
I agree that multi-factor authentication (MFA) should be required for VPN connections. Although not publicly disclosed, it’s possible that an internal threat could have been involved. Implementing stricter access policies for customer databases could also help mitigate risks.
This is very alarming for me. Even if the company reassured their clients that no passwords, financial details or payment information were accessed, it was confirmed that the hackers accessed the personal details such as physical addresses which is already a sensitive information and should be treated equally important information that needs to be protected as well. We might think that these might be harmless data but coupled with other personal information could cause great harm. Additionally, unlike passwords where you can change it, personal details, physical addresses are permanent or can’t be change in an instant. Even if users make proactive security measures, it is the companies’ responsibility to make sure that everyone’s information are secured.
I agree that personal information is especially valuable because it cannot be changed easily, unlike passwords. For example, leaked details like the CAA number could be used to create flight plans and target individuals with spearheaded attacks. Companies should be held accountable and liable to compensate for leaks involving sensitive data.
It’s reassuring to know that no financial information was compromised, but it’s still alarming to see such a large number of customer records exposed. For those impacted, taking proactive steps like changing passwords and staying alert for phishing scams is essential. Thanks for sharing this update, Smruti Ranjan Dash—let’s hope this incident serves as a wake-up call for improved cybersecurity practices everywhere.
It is again reminding us the basics of security because humans are the weakest link in security. Although the breach didn’t cause any financial loss, it exposed some private information. Park’N Fly investment to enhanced security measures and trainings are the better gesture here.
Its alarming to see that information was compromised just by accessing through VPN in that case the exact location of hacker is not traceable. But, people using park n fly their information apart from financial is compromised and its easy for the hacker to get access to some of customers information as being human we don’t keep strong passwords for all the applications. Also, being in digital world where all our cards are stored on our mobile devices and in apps we use frequently we miss basic steps to keep our data secure in case of such breaches.
In effort to make the application more secure, the park n fly should implement more security measures and encryption methods on customers data.