Park’N Fly, a popular Canadian airport parking service firm, recently announced that nearly one million customers have been affected by a data breach that occurred last month. The company disclosed that approximately 1 million customer files were accessed by a third party through unauthorized remote VPN access to the Park’N Fly network.
The data breach took place between July 11 and July 13, during which personal information such as names, email and mail addresses, and Aeroplan and CAA numbers may have been compromised. However, Park’N Fly assured customers that no financial information, passwords, or credit card payment details were stored on their servers.
After discovering the breach, the company sent out emails to notify customers on August 1, 2024, about the incident and informed them that their personal information might have been affected. Park’N Fly emphasized that they have been diligently investigating the breach with the help of external experts.
The company managed to fully restore its platforms within five days of the breach and has since enhanced its cybersecurity measures to prevent future incidents. Park’N Fly’s CEO, Carlo Marrello, reassured customers and partners that they are taking all necessary steps to safeguard their information and prioritize the integrity of their systems.
The data breach has raised concerns among customers, with one resident named Don Wright expressing his worries about his credit card information and the potential impact on his business. However, Park’N Fly reiterated their commitment to transparency and stated that they would continue to prioritize the security of their systems moving forward.
In response to the breach, Park’N Fly also advised customers to remain vigilant against phishing attempts, such as emails from unknown senders or suspicious links and attachments. They recommended being cautious about providing personal information over the phone to protect against potential fraud.
According to the company’s privacy policy, Park’N Fly only retains personal information for as long as necessary for the fulfillment of its intended purposes or as required by law. The default retention period for any collected information is seven years, after which it is either destroyed or rendered unidentifiable.
Overall, the data breach incident at Park’N Fly underscores the ongoing threat of cybersecurity breaches and the importance of implementing robust security measures to protect customer data. By enhancing their cybersecurity protocols and prioritizing transparency, the company aims to restore customer trust and mitigate the impact of the breach on its operations.