An email from Park’N Fly letting him know his personal information may have been compromised due to a recent “security incident” has left Barrie resident Don Wright feeling frustrated.
Not only is he having to be even more vigilant than ever for fear that his personal information may have ended up in the wrong hands, but Wright is also spending countless hours changing and updating numerous online passwords, as well as reaching out to his bank to ensure no fraudulent charges have been — or can be made — on his accounts.
“I haven’t used Park’N Fly in more than two years,” he told BarrieToday, adding his initial concern was about his credit cards.
“Thankfully, the email said my credit card was not compromised, so that’s good news. But, of course, now I have to be aware of every single text and email I get for the next six months," Wright added. "It puts you in a precarious spot because I run a business off this number, so now that I am getting (fraudulent) texts … if I get texts and I don’t reply, am I going to be losing business?
“It puts you between a rock and a hard place where you have to be so observant now. I think I have already gotten a few spam texts … and since the weekend I have had two (phishing texts) and one of those spam (texts) regarding banking," he said.
The letter, which Wright received shortly before 10 a.m. on Monday, Aug. 26, indicated the data breach occurred between July 11 and July 13, 2024.
“Park’N Fly discovered that an unauthorized third party accessed our network through remote VPN access,” it stated. “On Aug. 1, 2024, we determined that some of your personal information was likely affected by the incident. We have not seen any additional unauthorized activity since we began our investigation.”
The email also stated that no financial or payment card information is stored on the company’s servers and was not involved in this breach.
“The personal information that may have been obtained by the third party may have included your name and basic contact information, such as email address and mailing address, Aeroplan and CAA number — to the extent you provided such information to us. No financial or payment card information was accessed," it states.
The company says it has been “diligently investigating” the incident with the assistance of outside experts and has increased security surveillance through its cyber-security partner, including updating the anti-virus software throughout the network. The company says they also took several technical and administrative steps to further enhance the security of its networks, explained the letter to customers.
“We recommend you remain vigilant and be mindful of phishing attempts, such as emails from unknown senders, or those that contain unusual content, such as links or attachments, or being asked to provide personal information over the phone," the letter states.
The company says it "deeply regret" the incident and is "fully committed to protecting your information."
Wright takes that with a grain of salt.
“It’s just interesting that even though they’re telling you your information is secure … but not really. You have to step up that next level of vigilance,” he said, adding others may not be as adept at spotting scams. “Some (people) are just greedy over common sense. So really? Another data breach? It’s getting almost silly. It seems like every other week there is a data breach being announced.”
Even though the letter said credit-card information was not compromised, the local videographer says he has already spoken with his financial institution to ensure they contact him for permission for any charge over $500.
“I am supposed to be editing now, but I am spending all these hours dealing with banks and making sure all of my passwords are changed," Wright said.
Given the recent data breach, Wright says he likely won’t be using the company’s services again any time soon.
“I will probably use a ride service in the future, because then I can pay cash,” he said. “Anytime you get one of these (letters), take it seriously.”
According to the privacy policy on the company's website, Park’N Fly "will only retain your personal information as long as is necessary for the fulfillment of the purposes for which it was collected or as required by law." The company also noted the default retention period for any information collection, unless specified differently in the fine print, is seven years "after which it is destroyed or rendered such that it is unable to identify you."
The company said any one with questions or concerns regarding this matter can call them at 1-844-405-3577.