Ferry Company Reports Card Breach60,000 Transactions Compromised By Malware
Payment card transactions conducted at the Cape May-Lewes Ferry in Delaware were compromised for almost a year, exposing card numbers and other information.
Card processing systems related to food, beverage and retail sales at the ferry were infected with malware from Sept. 20, 2013, to Aug. 7, 2014, affecting about 60,000 transactions, says Jim Salmon, a spokesman for the Delaware River and Bay Authority, which operates the ferry. It's unclear how many payment cards were exposed, because the authority doesn't store card data on its systems, Salmon says.
Compromised information includes card numbers, cardholder names and card expiration dates. The malware used in the breach has been removed, and transactions conducted from Aug. 8 and on have been processed securely, according to the authority.
The authority says it became aware of the compromise on July 30, and immediately launched an investigation involving third-party forensics experts.
Impacted individuals who made purchases during the period of compromise are being offered one year of free identity theft protection services, including credit monitoring.
"We take the security of our customers' personal information very seriously and work extremely hard to protect their credit and debit card data," says Heath Gehrke, director of ferry operations at the authority. "Despite any company's best efforts, intrusions can occur. With the help of professional experts, we want to understand the nature and scope of this incident so we can learn from it."