Around one million customers who use the popular airport service Park ‘N Fly may have had their personal information compromised after the company fell prey to a data security breach last month.
The company announced that a third-party breached its networks using an unauthorized remote VPN, which occurred sometime between July 11 and 13.
However, news of the cyber attack was only made public over the weekend.
While Park ‘N Fly’s platforms were fully restored within five days of the breach, the company estimates that around 1 million customers have likely had their personal information obtained by the cyber attack.
Customers’ leaked information includes names, emails and mailing addresses, as well as Aeroplan and CAA numbers.
“Needless to say, this is completely unacceptable,” former Ontario privacy commissioner Ann Cavoukian told True North.
“Access to one million customers’ personal information was gained by unauthorized third parties – customers’ names, addresses, emails, Aeroplan and CAA numbers were all accessed in this third-party data breach.”
However, credit cards, payment information and passwords were stored on a separate server, which was not compromised by the breach, according to the company.
Park ‘N Fly said that it can assure customers with “certainty” that no customer “credit cards or passwords are stored on our servers and no payment information was compromised.”
Still, Cavoukian wonders why customers’ personal information wasn’t strongly secured.
“Encryption and other forms of security can prevent such occurrences from taking place. Park’N Fly should be strongly admonished for the lack of strong security measures,” she said.
The company said it launched an investigation into the cause of the breach, aling with its cyber security partner as soon as it became aware.
“Immediately upon discovering this event, Park’N Fly’s Information Technology team launched an investigation along with the cyber security partner to assess what types of information may have been accessed,” a spokesperson told True North.
“Additionally, Park’N Fly engaged with third-party experts to support its own security and IT teams. Security surveillance has since been increased through our cyber security partner, including updating the anti-virus software throughout the network.”
Park ‘N Fly confirmed that customers and stakeholders whose information was likely to have been directly impacted have already been contacted by the company directly via email.
“At Park’N Fly, the trust and security of our customers are paramount. While we deeply regret any concern this incident may have caused, we want to reassure our valued customers and partners that we are taking all necessary steps to safeguard their information,” said Park ‘N Fly’s chief executive officer Carlo Marrello in a statement.
“We remain committed to transparency and will continue to prioritize the integrity of our systems as we navigate this situation.”
