Officials are investigating whether any personal information was stolen from users of three parking garages in downtown Annapolis.
"On June 11, 2016, SP+ was advised that malware that targets credit and debit card data may have been installed on equipment used to process card payments for Noah Hillman Garage, Gott’s Court Garage, and Knighton Garage,” according to a statement released by SP+, the city’s parking management firm.
They suspect the malware was installed on December 23, 2015. At that time the parking facilities were being managed by a previous vendor.
When SP+ took over the payment collection and credit card services on June 1, they ran some scans and discovered the malware on June 11.
"According to the preliminary investigation, we know that this malware can take credit card numbers, the name of the credit card holder, the cvv, which is on the back, and the expiration date,” said City spokesperson Rhonda Wardlaw.
Immediately after they detected the malware, SP+ took down the servers and started accepting cash-only at the three garages.
Officials are now advising that users during that six-month period keep a close eye on their account activity. At this time, they don’t believe monthly parking or residential permit holders were affected.
“Anyone who may have used their credit card in the swipe at the three garages, contact the credit company and just say 'the possibility exists that I might have been compromised, can you put a flag on my credit card?',” said Wardlaw.
Officials have not said yet how the system was compromised or how many people were impacted.
For now, the garages will continue to be cash-only until new servers are installed. The City is also hoping to have the credit card kiosks back-up and running before July 4 weekend.
“We've never had this problem before and we don't anticipate it happening again. SP+ has a system in place where they're monitoring this and will be checking it on a regular basis and we hope to not see this happen again,” said Rick Gordon, director of the department of transportation for the City of Annapolis.
SP+ has hired an outside expert to conduct a comprehensive forensic investigation into the scope and nature of the incident. The Maryland Attorney General's Office is also looking into the possible breach.
If you have any questions, you can call 410-263-7020 Monday through Friday 8:30 a.m. to 4:30 p.m., or e-mail datasecurity@annapolis.gov.
