In the latest mass-scale data breach, cyber criminals maneuvered themselves into the network of parking facility service provider SP+.

Between September 29 and November 10, criminals had access to payment card data at garages in Philadelphia, Seattle and Chicago, including:

Cardholders’ names

Card numbers

Expiration data

Verification codes

Below is a list of the 17 affected parking facilities and the dates when they were at risk.

FACILITY CITY EARLIEST AT RISK LAST AT RISK 55 EAST MONROE CHICAGO 9/29/2014 10/29/2014 AON CENTER CHICAGO 9/29/2014 10/30/2014 JOHN HANCOCK GARAGE CHICAGO 9/29/2014 11/04/2014 1460 N. HALSTED (BlackHawk) CHICAGO 9/29/2014 10/29/2014 10 E. ONTARIO CHICAGO 9/29/2014 10/29/2014 CUMBERLAND CTA CHICAGO 9/29/2014 10/29/2014 500 W MONROE CHICAGO 9/29/2014 10/29/2014 AQUA CHICAGO 9/29/2014 10/29/2014 PRESIDENTIAL TOWERS CHICAGO 9/29/2014 10/31/2014 120 NORTH LASALLE CHICAGO 10/06/2014 10/29/2014 GATEWAY EAST GARAGE CLEVELAND 10/08/2014 10/23/2014 CHURCH GARAGE EVANSTON 10/08/2014 10/26/2014 MAPLE GARAGE EVANSTON 10/08/2014 11/10/2014 SHERMAN GARAGE EVANSTON 10/08/2014 11/01/2014 1700 MARKET STREET PHILADELPHIA 10/08/2014 10/22/2014 NATIONAL CONSTITUTION CENTER PHILADELPHIA 10/08/2014 10/22/2014 520 PIKE GARAGE SEATTLE 4/14/2014 10/31/2014

The alarm was raised to SP+ on November 3 by their payment card processor, who informed them of unauthorized access on their network. The cyber criminal(s) used a remote access tool (RAT) to plant malware designed to search for payment card data.

An investigation was launched immediately, and a public notice was posted on the SP+ website:

“Though SP+ does not have sufficient information to identify whether any specific cards were taken or to mail notification letters to the potentially affected cardholders, SP+ wanted to let its customers know about this incident as soon as it could.”

If you used your card at one of the above locations between the dates listed, then we recommend that you review your statements for any unauthorized activity. If you spot something which isn’t genuine, then contact your bank immediately.

Want to keep up-to-date on the latest hacks and breaches? Subscribe to our Daily Sentinel for daily updates as well as a free gift everyday until Christmas.