The confidential data of one million Park’N Fly customers has been stolen after the company fell victim to a cyber attack.
The news was confirmed in a letter from the company announcing a data breach, which stated that cybercriminals had gained access to the company’s IT infrastructure in July 2024 using stolen VPN credentials.
The crooks stole people’s full names, email addresses, postal addresses, Aeroplan numbers and CAA numbers. No payment details were taken, the company confirmed.
Passwords are safe
“Park’N Fly discovered that an unauthorized third party had access to our network via remote VPN access,” the letter read. “Based on our investigation, we determined that the unauthorized activity occurred between July 11 and July 13, 2024. On August 1, 2024, we determined that some of your personal information was likely impacted by the incident.”
Park’n Fly offers airport parking services, providing travelers with convenient, secure parking options near major airports in 70 locations worldwide. However, its largest operations are in Canada and the United States. The company also offers additional services such as car washes and valet parking to enhance the travel experience for its customers.
A company spokesman said about a million customer files had been accessed, but that passwords had not been stolen.
Park’n Fly took five days to restore its systems and is now working on adding further security measures to ensure such incidents do not occur again.
“While we deeply regret any disruption caused by this incident, we want to assure our valued customers and partners that we are taking all necessary measures to protect their data,” said Carlo Marrello, CEO of Park’N Fly.
“We remain committed to transparency and will continue to prioritize the integrity of our systems as we navigate this situation.”
Via BleepingComputer