{"id":604,"date":"2024-09-27T16:26:19","date_gmt":"2024-09-27T22:26:19","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/?p=604"},"modified":"2024-09-27T16:32:53","modified_gmt":"2024-09-27T22:32:53","slug":"parkn-fly-data-breach","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/2024\/09\/27\/parkn-fly-data-breach\/","title":{"rendered":"Park’N Fly Data Breach\u00a0"},"content":{"rendered":"\n
\"\"<\/figure>\n\n\n\n

Introduction<\/strong> <\/p>\n\n\n\n

Park\u2019N Fly is a popular airport parking service that experienced a data breach between July 11 to July 13, 2024. This company operates in several cities in Canada such as Ottawa, Montreal, Halifax, Edmonton, Toronto, Winnipeg, and Vancouver. The level of compromise was announced much later in August 2024, disclosing that about 1 million customer files were compromised and unauthorized access was gained.  <\/p>\n\n\n\n

This notice was provided to the customers, informing them that personal information such as names, email addresses, mail addresses, and Aeroplan and CAA numbers were exposed in this breach, however, it was stated that no payment information was involved in the breach. This event emphasizes the importance of having appropriate measures in place to protect customer data.  <\/p>\n\n\n\n

Details of the Breach<\/strong> <\/p>\n\n\n\n

Companies that process high levels of customer data including data as sensitive as payment card information which is subject to PCI DSS (Payment Card Industry Data Security Standard), must have a strong security posture to protect data. Although payment information was not compromised, the level of PII (Personally Identifiable Information) compromised is huge under a wide number of privacy laws such as the FOIP Act, PIA, PIPA, PIPEDA, etc.  <\/p>\n\n\n\n

Looking at how the breach occurred, an adversary breached Park\u2019N Fly\u2019s networks through a remote VPN during the time frame mentioned above. It is also important to note that the platforms and services were restored within 5 days after the incident. This shows the importance of business continuity and incident management procedures as it would\u2019ve been almost impossible to recover from the breach with these areas lacking.  <\/p>\n\n\n\n

The organization took active measures to identify the root cause and determine the level of damage caused which was followed by promptly notifying the affected customers of the data compromise. Their actions reflect transparency in their practices, which should be a priority when the security of customer data is involved. Following this, the CEO issued an apology to customers and assured them of efforts to safeguard their data going forward. <\/p>\n\n\n\n

Implications for Customers and Businesses<\/strong> <\/p>\n\n\n\n

While acknowledging the steps the company took to contain the incident, it is also important to highlight the potential risks to the customers whose information was leaked in this breach. Customers are now exposed to different security attacks such as phishing, and identity theft. Attackers can target customers by sending them phishing emails pretending to be Park\u2019N Fly or another company in an attempt to defraud them or worse. The level of information leaked also exposed the affected customers to identity theft, which led to several angry and frustrated customers. This emphasizes the importance for businesses to monitor VPN access logs for suspicious activity and ensure customer information is encrypted. Encrypting customer data ensures that in the event of a breach, the unauthorized party has no use for the information. Strong encryption mechanisms will protect customer data from outsiders and even the company itself.<\/p>\n\n\n\n

Regulatory Oversight and Future Considerations<\/strong> <\/p>\n\n\n\n

It is important to also note that Park\u2019N Fly expressed their commitment to protecting the privacy of their customers by notifying the Office of the Privacy Commissioner of Canada of the breach. Although customers expressed their frustration concerning the incident, this important step is something organizations should comply with to safeguard their reputation and avoid huge fines or penalties due to a lack of compliance with applicable laws and regulations. This incident strengthens and provides a backing for all other organizations to be more vigilant and hold the security and privacy of customer data as a priority. Several organizations do not follow industry standards and frameworks to build an information security program which could lead to a gap in their security practices and an inability to effectively protect their customers and respond proactively to incidents. Building an information security program and having a risk management framework in place will go a long way in foreseeing potential risks and putting preventive and detective controls in place to stop similar incidents from occurring. <\/p>\n\n\n\n

References<\/strong> <\/p>\n\n\n\n

\u201cPark\u2019n Fly Reveals Data Breach Affecting 1 Million Customer Files | CBC News.\u201d CBCnews<\/em>, CBC\/Radio Canada, 26 Aug. 2024, www.cbc.ca\/news\/business\/park-n-fly-data-breach-canada-1.7305301<\/a>. <\/p>\n\n\n\n

\u201cPark\u2019n Fly Data Breach Included Personal Information of 1m Canadian Customers, Company Says.\u201d Toronto<\/em>, 26 Aug. 2024, toronto.ctvnews.ca\/park-n-fly-data-breach-included-personal-information-of-1m-canadian-customers-company-says-1.7014541. <\/p>\n\n\n\n

Silvestre, Irish Mae. \u201c1 Million Customer Files Accessed in Huge Park\u2019n Fly Data Breach: Canada.\u201d 1 Million Customer Files Accessed in Huge Park\u2019N Fly Data Breach | Canada<\/em>, Daily Hive, 26 Aug. 2024, dailyhive.com\/canada\/park-n-fly-canada-data-security-breach. <\/p>\n\n\n\n

Toulas, Bill. \u201cPark\u2019n Fly Notifies 1 Million Customers of Data Breach.\u201d BleepingComputer<\/em>, BleepingComputer, 27 Aug. 2024, www.bleepingcomputer.com\/news\/security\/parkn-fly-notifies-1-million-customers-of-data-breach\/<\/a>. <\/p>\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Introduction  Park\u2019N Fly is a popular airport parking service that experienced a data breach between July 11 to July 13, 2024. This company operates in several cities in Canada such as Ottawa, Montreal, Halifax, Edmonton, Toronto, Winnipeg, and Vancouver. The level of compromise was announced much later in August 2024, disclosing that about 1 million … <\/p>\n

Continue reading “Park’N Fly Data Breach\u00a0“<\/span><\/a><\/p>\n","protected":false},"author":682,"featured_media":610,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-604","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","entry"],"featured_image_src":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/09\/towfiqu-barbhuiya-em5w9_xj3uU-unsplash-600x400.jpg","featured_image_src_square":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/09\/towfiqu-barbhuiya-em5w9_xj3uU-unsplash-600x600.jpg","author_info":{"display_name":"Faizah Kolapo","author_link":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/author\/faizah-kolapo\/"},"_links":{"self":[{"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/posts\/604","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/users\/682"}],"replies":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/comments?post=604"}],"version-history":[{"count":2,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/posts\/604\/revisions"}],"predecessor-version":[{"id":614,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/posts\/604\/revisions\/614"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/media\/610"}],"wp:attachment":[{"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/media?parent=604"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/categories?post=604"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/tags?post=604"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}